7e9da4
Key:
7e9da4
7e9da4
JDK-X  - https://bugs.openjdk.java.net/browse/JDK-X
7e9da4
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
7e9da4
e7e063
New in release OpenJDK 8u322 (2022-01-18):
e7e063
===========================================
e7e063
Live versions of these release notes can be found at:
e7e063
  * https://bitly.com/openjdk8u322
e7e063
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u322.txt
e7e063
e7e063
* Security fixes
e7e063
  - JDK-8264934, CVE-2022-21248: Enhance cross VM serialization
e7e063
  - JDK-8268488: More valuable DerValues
e7e063
  - JDK-8268494: Better inlining of inlined interfaces
e7e063
  - JDK-8268512: More content for ContentInfo
e7e063
  - JDK-8268795: Enhance digests of Jar files
e7e063
  - JDK-8268801: Improve PKCS attribute handling
e7e063
  - JDK-8268813, CVE-2022-21283: Better String matching
e7e063
  - JDK-8269151: Better construction of EncryptedPrivateKeyInfo
e7e063
  - JDK-8269944: Better HTTP transport redux
e7e063
  - JDK-8270392, CVE-2022-21293: Improve String constructions
e7e063
  - JDK-8270416, CVE-2022-21294: Enhance construction of Identity maps
e7e063
  - JDK-8270492, CVE-2022-21282: Better resolution of URIs
e7e063
  - JDK-8270498, CVE-2022-21296: Improve SAX Parser configuration management
e7e063
  - JDK-8270646, CVE-2022-21299: Improved scanning of XML entities
e7e063
  - JDK-8271962: Better TrueType font loading
e7e063
  - JDK-8271968: Better canonical naming
e7e063
  - JDK-8271987: Manifest improved manifest entries
e7e063
  - JDK-8272014, CVE-2022-21305: Better array indexing
e7e063
  - JDK-8272026, CVE-2022-21340: Verify Jar Verification
e7e063
  - JDK-8272236, CVE-2022-21341: Improve serial forms for transport
e7e063
  - JDK-8272272: Enhance jcmd communication
e7e063
  - JDK-8272462: Enhance image handling
e7e063
  - JDK-8273290: Enhance sound handling
e7e063
  - JDK-8273748, CVE-2022-21349: Improve Solaris font rendering
e7e063
  - JDK-8273756, CVE-2022-21360: Enhance BMP image support
e7e063
  - JDK-8273838, CVE-2022-21365: Enhanced BMP processing
e7e063
* Other changes
e7e063
  - JDK-6801613: Cross-platform pageDialog and printDialog top margin entry broken
e7e063
  - JDK-8011541: [TEST_BUG] closed/javax/swing/plaf/metal/MetalUtils/bug6190373.java fails NPE since 7u25b03
e7e063
  - JDK-8025430: [TEST_BUG] javax/swing/JEditorPane/5076514/bug5076514.java failed since jdk8b108
e7e063
  - JDK-8041928: MouseEvent.getModifiersEx gives wrong result
e7e063
  - JDK-8042199: The build of J2DBench via makefile is broken after the JDK-8005402
e7e063
  - JDK-8044365: (dc) MulticastSendReceiveTests.java failing with ENOMEM when joining group (OS X 10.9)
e7e063
  - JDK-8048021: Remove @version tag in jaxp repo
e7e063
  - JDK-8049348: compiler/intrinsics/bmi/verifycode tests on lzcnt and tzcnt use incorrect assumption about REXB prefix usage
e7e063
  - JDK-8060027: Tests java/beans/XMLEncoder/Test4903007.java and java/beans/XMLEncoder/java_awt_GridBagLayout.java
e7e063
  - JDK-8066588: javax/management/remote/mandatory/connection/RMIConnector_NPETest.java fails to compile
e7e063
  - JDK-8066652: Default TimeZone is GMT not local if user.timezone is invalid on Mac OS
e7e063
  - JDK-8069034: gc/g1/TestEagerReclaimHumongousRegionsClearMarkBits.java nightly failure
e7e063
  - JDK-8077590: windows_i586_6.2-product-c2-runThese8_Xcomp_vm failing after win compiler upgrade
e7e063
  - JDK-8080287: The image of BufferedImage.TYPE_INT_ARGB and BufferedImage.TYPE_INT_ARGB_PRE is blank
e7e063
  - JDK-8140329: [TEST_BUG] test FullScreenAfterSplash.java failed because image was not generated
e7e063
  - JDK-8140472: java/net/ipv6tests/TcpTest.java failed intermittently with java.net.BindException: Address already in use: NET_Bind
e7e063
  - JDK-8147051: StaxEntityResolverWrapper should create StaxXMLInputSource with a resolver indicator
e7e063
  - JDK-8148915: Intermittent failures of bug6400879.java
e7e063
  - JDK-8176837: SunPKCS11 provider needs to check more details on PKCS11 Mechanism
e7e063
  - JDK-8177393: Result of RescaleOp for 4BYTE_ABGR images may be 25% black
e7e063
  - JDK-8177536: Avoid Apple Peer-to-Peer interfaces in networking tests
e7e063
  - JDK-8182036: Load from initializing arraycopy uses wrong memory state
e7e063
  - JDK-8183369: RFC unconformity of HttpURLConnection with proxy
e7e063
  - JDK-8183543: Aarch64: C2 compilation often fails with "failed spill-split-recycle sanity check"
e7e063
  - JDK-8187450: JNI local refs exceeds capacity warning in NetworkInterface::getAll
e7e063
  - JDK-8187649: ArrayIndexOutOfBoundsException in java.util.JapaneseImperialCalendar
e7e063
  - JDK-8190482: InnocuousThread creation should not require the caller to possess enableContextClassLoaderOverride
e7e063
  - JDK-8190793: Httpserver does not detect truncated request body
e7e063
  - JDK-8196572: Tests ColConvCCMTest.java and MTColConvTest.java fail
e7e063
  - JDK-8202788: Explicitly reclaim cached thread-local direct buffers at thread exit
e7e063
  - JDK-8210058: Algorithmic Italic font leans opposite angle in Printing
e7e063
  - JDK-8220150: macos10.14 Mojave returns anti-aliased glyphs instead of aliased B&W glyphs
e7e063
  - JDK-8225082: Remove IdenTrust certificate that is expiring in September 2021
e7e063
  - JDK-8225083: Remove Google certificate that is expiring in December 2021
e7e063
  - JDK-8226806: [macOS 10.14] Methods of Java Robot should be called from appropriate thread
e7e063
  - JDK-8231254: (fs) Add test for macOS Catalina changes to protect system software
e7e063
  - JDK-8231438: [macOS] Dark mode for the desktop is not supported
e7e063
  - JDK-8232178: MacVolumesTest failed after upgrade to MacOS Catalina
e7e063
  - JDK-8232226: [macos 10.15] test/jdk/java/awt/color/EqualityTest/EqualityTest.java may fail
e7e063
  - JDK-8235153: [TESTBUG] [macos 10.15] java/awt/Graphics/DrawImageBG/SystemBgColorTest.java fails
e7e063
  - JDK-8236897: Fix the copyright header for pkcs11gcm2.h
e7e063
  - JDK-8237499: JFR: Include stack trace in the ThreadStart event
e7e063
  - JDK-8239886: Minimal VM build fails after JDK-8237499
e7e063
  - JDK-8261397: Try Catch Method Failing to Work When Dividing An Integer By 0
e7e063
  - JDK-8262731: [macOS] Exception from "Printable.print" is swallowed during "PrinterJob.print"
e7e063
  - JDK-8272342: [TEST_BUG] java/awt/print/PrinterJob/PageDialogMarginTest.java catches all exceptions
e7e063
  - JDK-8273308: PatternMatchTest.java fails on CI
e7e063
  - JDK-8273342: Null pointer dereference in classFileParser.cpp:2817
e7e063
  - JDK-8273826: Correct Manifest file name and NPE checks
e7e063
  - JDK-8273968: JCK javax_xml tests fail in CI
e7e063
  - JDK-8274407: (tz) Update Timezone Data to 2021c
e7e063
  - JDK-8274467: TestZoneInfo310.java fails with tzdata2021b
e7e063
  - JDK-8274468: TimeZoneTest.java fails with tzdata2021b
e7e063
  - JDK-8274595: DisableRMIOverHTTPTest failed: connection refused
e7e063
  - JDK-8274779: HttpURLConnection: HttpClient and HttpsClient incorrectly check request method when set to POST
e7e063
  - JDK-8275766: (tz) Update Timezone Data to 2021e
e7e063
  - JDK-8275849: TestZoneInfo310.java fails with tzdata2021e
e7e063
  - JDK-8276536: Update TimeZoneNames files to follow the changes made by JDK-8275766
e7e063
e7e063
Notes on individual issues:
e7e063
===========================
e7e063
e7e063
security-libs/java.security:
e7e063
e7e063
JDK-8271434: Removed IdenTrust Root Certificate
e7e063
===============================================
e7e063
The following root certificate from IdenTrust has been removed from
e7e063
the `cacerts` keystore:
e7e063
e7e063
Alias Name: identrustdstx3 [jdk]
e7e063
Distinguished Name: CN=DST Root CA X3, O=Digital Signature Trust Co.
e7e063
e7e063
JDK-8272535: Removed Google's GlobalSign Root Certificate
e7e063
=========================================================
e7e063
The following root certificate from Google has been removed from the
e7e063
`cacerts` keystore:
e7e063
e7e063
Alias Name: globalsignr2ca [jdk]
e7e063
Distinguished Name: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
e7e063
e7e063
core-libs/java.time:
e7e063
e7e063
JDK-8274857:  Update Timezone Data to 2021c
e7e063
===========================================
e7e063
IANA Time Zone Database, on which JDK's Date/Time libraries are based,
e7e063
has been updated to version 2021c
e7e063
(https://mm.icann.org/pipermail/tz-announce/2021-October/000067.html). Note
e7e063
that with this update, some of the time zone rules prior to the year
e7e063
1970 have been modified according to the changes which were introduced
e7e063
with 2021b. For more detail, refer to the announcement of 2021b
e7e063
(https://mm.icann.org/pipermail/tz-announce/2021-September/000066.html)
e7e063
ac89e8
New in release OpenJDK 8u312 (2021-10-19):
ac89e8
===========================================
ac89e8
Live versions of these release notes can be found at:
ac89e8
  * https://bitly.com/openjdk8u312
ac89e8
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u312.txt
ac89e8
ac89e8
* Security fixes
ac89e8
  - JDK-8130183, CVE-2021-35588: InnerClasses: VM permits wrong Throw ClassFormatError if InnerClasses attribute's inner_class_info_index is 0
ac89e8
  - JDK-8161016: Strange behavior of URLConnection with proxy
ac89e8
  - JDK-8163326, CVE-2021-35550: Update the default enabled cipher suites preference
ac89e8
  - JDK-8254967, CVE-2021-35565: com.sun.net.HttpsServer spins on TLS session close
ac89e8
  - JDK-8263314: Enhance XML Dsig modes
ac89e8
  - JDK-8265167, CVE-2021-35556: Richer Text Editors
ac89e8
  - JDK-8265574: Improve handling of sheets
ac89e8
  - JDK-8265580, CVE-2021-35559: Enhanced style for RTF kit
ac89e8
  - JDK-8265776: Improve Stream handling for SSL
ac89e8
  - JDK-8266097, CVE-2021-35561: Better hashing support
ac89e8
  - JDK-8266103: Better specified spec values
ac89e8
  - JDK-8266109: More Resilient Classloading
ac89e8
  - JDK-8266115: More Manifest Jar Loading
ac89e8
  - JDK-8266137, CVE-2021-35564: Improve Keystore integrity
ac89e8
  - JDK-8266689, CVE-2021-35567: More Constrained Delegation
ac89e8
  - JDK-8267086: ArrayIndexOutOfBoundsException in java.security.KeyFactory.generatePublic
ac89e8
  - JDK-8267712: Better LDAP reference processing
ac89e8
  - JDK-8267729, CVE-2021-35578: Improve TLS client handshaking
ac89e8
  - JDK-8267735, CVE-2021-35586: Better BMP support
ac89e8
  - JDK-8268193: Improve requests of certificates
ac89e8
  - JDK-8268199: Correct certificate requests
ac89e8
  - JDK-8268506: More Manifest Digests
ac89e8
  - JDK-8269618, CVE-2021-35603: Better session identification
ac89e8
  - JDK-8269624: Enhance method selection support
ac89e8
  - JDK-8270398: Enhance canonicalization
ac89e8
  - JDK-8270404: Better canonicalization
ac89e8
* Other changes
ac89e8
  - JDK-6847157: java.lang.NullPointerException: HDC for component at sun.java2d.loops.Blit.Blit
ac89e8
  - JDK-7146776: deadlock between URLStreamHandler.getHostAddress and file.Handler.openconnection
ac89e8
  - JDK-7188942: Remove support of pbuffers in OGL Java2d pipeline
ac89e8
  - JDK-8004148: NPE in sun.awt.SunToolkit.getWindowDeactivationTime
ac89e8
  - JDK-8022323: [JavaSecurityScanner] review package com.sun.management.* Native methods should be private
ac89e8
  - JDK-8027154: [TESTBUG] Test java/awt/Mouse/GetMousePositionTest/GetMousePositionWithPopup.java fails
ac89e8
  - JDK-8035001: TEST_BUG: the retry logic in RMID.start() should check that the subprocess hasn't terminated
ac89e8
  - JDK-8035424: (reflect) Performance problem in sun.reflect.generics.parser.SignatureParser
ac89e8
  - JDK-8042557: compiler/uncommontrap/TestSpecTrapClassUnloading.java fails with: GC triggered before VM initialization completed
ac89e8
  - JDK-8054118: java/net/ipv6tests/UdpTest.java failed intermittently
ac89e8
  - JDK-8065215: Print warning summary at end of configure
ac89e8
  - JDK-8072767: DefaultCellEditor for comboBox creates ActionEvent with wrong source object
ac89e8
  - JDK-8079891: Store configure log in $BUILD/configure.log
ac89e8
  - JDK-8080082: configure fails if you create an empty directory and then run configure from it
ac89e8
  - JDK-8086003: Test fails on OSX with java.lang.RuntimeException 'Narrow klass base: 0x0000000000000000, Narrow klass shift: 3' missing
ac89e8
  - JDK-8131062: aarch64: add support for GHASH acceleration
ac89e8
  - JDK-8134869: AARCH64: GHASH intrinsic is not optimal
ac89e8
  - JDK-8134989: java/net/MulticastSocket/TestInterfaces.java failed due to unexpected IP address
ac89e8
  - JDK-8156584: Initialization race in sun.security.x509.AlgorithmId.get
ac89e8
  - JDK-8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
ac89e8
  - JDK-8166673: The new implementation of Robot.waitForIdle() may hang
ac89e8
  - JDK-8170467: (reflect) Optimize SignatureParser's use of StringBuilders
ac89e8
  - JDK-8194246: JVM crashes when calling getStackTrace if stack contains a method that is a member of a very large class
ac89e8
  - JDK-8196181: sun/java2d/GdiRendering/InsetClipping.java fails
ac89e8
  - JDK-8202837: PBES2 AlgorithmId encoding error in PKCS12 KeyStore
ac89e8
  - JDK-8206189: sun/security/pkcs12/EmptyPassword.java fails with Sequence tag error
ac89e8
  - JDK-8214418: half-closed SSLEngine status may cause application dead loop
ac89e8
  - JDK-8214513: A PKCS12 keystore from Java 8 using custom PBE parameters cannot be read in Java 11
ac89e8
  - JDK-8220786: Create new switch to redirect error reporting output to stdout or stderr
ac89e8
  - JDK-8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
ac89e8
  - JDK-8229243: SunPKCS11-Solaris provider tests failing on Solaris 11.4
ac89e8
  - JDK-8231222: fix pkcs11 P11_DEBUG guarded native traces
ac89e8
  - JDK-8237495: Java MIDI fails with a dereferenced memory error when asked to send a raw 0xF7
ac89e8
  - JDK-8238567: SoftMainMixer.processAudioBuffers(): Wrong handling of stoppedMixers
ac89e8
  - JDK-8240518: Incorrect JNU_ReleaseStringPlatformChars in Windows Print
ac89e8
  - JDK-8241248: NullPointerException in sun.security.ssl.HKDF.extract(HKDF.java:93)
ac89e8
  - JDK-8244154: Update SunPKCS11 provider with PKCS11 v3.0 header files
ac89e8
  - JDK-8247469: getSystemCpuLoad() returns -1 on linux when some offline cpus are present and cpusets.effective_cpus is not available
ac89e8
  - JDK-8248901: Signed immediate support in .../share/assembler.hpp is broken.
ac89e8
  - JDK-8259338: Add expiry exception for identrustdstx3 alias to VerifyCACerts.java test
ac89e8
  - JDK-8262000: jdk/jfr/event/gc/detailed/TestPromotionFailedEventWithParallelScavenge.java failed with "OutOfMemoryError: Java heap space"
ac89e8
  - JDK-8262829: Native crash in Win32PrintServiceLookup.getAllPrinterNames()
ac89e8
  - JDK-8263311: Watch registry changes for remote printers update instead of polling
ac89e8
  - JDK-8263382: java/util/logging/ParentLoggersTest.java failed with "checkLoggers: getLoggerNames() returned unexpected loggers"
ac89e8
  - JDK-8264752: SIGFPE crash with option FlightRecorderOptions:threadbuffersize=30M
ac89e8
  - JDK-8265238: [8u] [macos] build failure in OpenJDK8u after JDK-8211301 in older xcode
ac89e8
  - JDK-8265836: OperatingSystemImpl.getCpuLoad() returns incorrect CPU load inside a container
ac89e8
  - JDK-8265978: make test should look for more locations when searching for exit code
ac89e8
  - JDK-8266206: Build failure after JDK-8264752 with older GCCs
ac89e8
  - JDK-8268103: JNI functions incorrectly return a double after JDK-8265836
ac89e8
  - JDK-8268965: TCP Connection Reset when connecting simple socket to SSL server
ac89e8
  - JDK-8269594: assert(_handle_mark_nesting > 1) failed: memory leak: allocating handle outside HandleMark
ac89e8
  - JDK-8269763: The JEditorPane is blank after JDK-8265167
ac89e8
  - JDK-8269810: [8u] Update generated_configure.sh after JDK-8250876 backport
ac89e8
  - JDK-8269851: OperatingSystemMXBean getProcessCpuLoad reports incorrect process cpu usage in containers
ac89e8
  - JDK-8269859: BacktraceBuilder._cprefs needs to be accessed as unsigned short
ac89e8
  - JDK-8269882: stack-use-after-scope in NewObjectA
ac89e8
  - JDK-8269953: config.log is not in build directory after 8u backport of JDK-8079891
ac89e8
  - JDK-8270137: Kerberos Credential Retrieval from Cache not Working in Cross-Realm Setup
ac89e8
  - JDK-8271466: StackGap test fails on aarch64 due to "-m64"
ac89e8
  - JDK-8272124: Cgroup v1 initialization causes NullPointerException when cgroup path contains colon
ac89e8
  - JDK-8272214: [8u] Build failure after backport of JDK-8248901
ac89e8
  - JDK-8272714: [8u] Build failure after backport of JDK-8248901 with MSVC 2013
ac89e8
* Shenandoah
ac89e8
  - [backport] JDK-8269661: JNI_GetStringCritical does not lock char array
ac89e8
  - Re-cast JNI critical strings patch to be Shenandoah-specific
ac89e8
ac89e8
Notes on individual issues:
ac89e8
===========================
ac89e8
ac89e8
core-libs/java.net:
ac89e8
ac89e8
JDK-8164200: Modified HttpURLConnection behavior when no suitable proxy is found
ac89e8
================================================================================
ac89e8
The behavior of HttpURLConnection when using a ProxySelector has been
ac89e8
modified with this JDK release. HttpURLConnection used to fall back to
ac89e8
a DIRECT connection attempt if the configured proxy(s) failed to make
ac89e8
a connection. This release introduces a change whereby no DIRECT
ac89e8
connection will be attempted in such a scenario. Instead, the
ac89e8
HttpURLConnection.connect() method will fail and throw an IOException
ac89e8
which occurred from the last proxy tested.
ac89e8
ac89e8
security-libs/javax.net.ssl:
ac89e8
ac89e8
JDK-8219551: Updated the Default Enabled Cipher Suites Preference
ac89e8
=================================================================
ac89e8
The preference of the default enabled cipher suites has been
ac89e8
changed. The compatibility impact should be minimal. If needed,
ac89e8
applications can customize the enabled cipher suites and the
ac89e8
preference. For more details, refer to the SunJSSE provider
ac89e8
documentation and the JSSE Reference Guide documentation.
ac89e8
219543
New in release OpenJDK 8u302 (2021-07-20):
219543
===========================================
219543
Live versions of these release notes can be found at:
219543
  * https://bitly.com/openjdk8u302
219543
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u302.txt
219543
219543
* Security fixes
219543
  - JDK-8256157: Improve bytecode assembly
219543
  - JDK-8256491: Better HTTP transport
219543
  - JDK-8258432, CVE-2021-2341: Improve file transfers
219543
  - JDK-8260453: Improve Font Bounding
219543
  - JDK-8260960: Signs of jarsigner signing
219543
  - JDK-8260967, CVE-2021-2369: Better jar file validation
219543
  - JDK-8262380: Enhance XML processing passes
219543
  - JDK-8262403: Enhanced data transfer
219543
  - JDK-8262410: Enhanced rules for zones
219543
  - JDK-8262477: Enhance String Conclusions
219543
  - JDK-8262967: Improve Zip file support
219543
  - JDK-8264066, CVE-2021-2388: Enhance compiler validation
219543
  - JDK-8264079: Improve abstractions
219543
  - JDK-8264460: Improve NTLM support
219543
* Other changes
219543
  - JDK-6878250: (so) IllegalBlockingModeException thrown when reading from a closed SocketChannel's InputStream
219543
  - JDK-6990210: [TEST_BUG] EventDispatchThread/HandleExceptionOnEDT/HandleExceptionOnEDT.java fails on gnome
219543
  - JDK-7059970: Test case: javax/imageio/plugins/png/ITXtTest.java is not closing a file
219543
  - JDK-7106851: Test should not use System.exit
219543
  - JDK-8019470: Changes needed to compile JDK 8 on MacOS with clang compiler
219543
  - JDK-8028618: [TEST BUG] javax/swing/JScrollBar/bug4202954/bug4202954.java fails
219543
  - JDK-8030123: java/beans/Introspector/Test8027648.java fails
219543
  - JDK-8032050: Clean up for java/rmi/activation/Activatable/shutdownGracefully/ShutdownGracefully.java
219543
  - JDK-8033289: clang: clean up unused function warning
219543
  - JDK-8034856: gcc warnings compiling src/solaris/native/sun/security/pkcs11
219543
  - JDK-8034857: gcc warnings compiling src/solaris/native/sun/management
219543
  - JDK-8035000: clean up ActivationLibrary.DestroyThread
219543
  - JDK-8035054: JarFacade.c should not include ctype.h
219543
  - JDK-8035287: gcc warnings compiling various libraries files
219543
  - JDK-8036095: RMI tests using testlibrary.RMID and testlibrary.JavaVM do not pass through vmoptions
219543
  - JDK-8037825: Fix warnings and enable "warnings as errors" in serviceability native libraries
219543
  - JDK-8042891: Format issues embedded in macros for two g1 source files
219543
  - JDK-8043264: hsdis library not picked up correctly on expected paths
219543
  - JDK-8043646: libosxapp.dylib fails to build on Mac OS 10.9 with clang
219543
  - JDK-8047939: [TESTBUG] Rewrite test/runtime/8001071/Test8001071.sh
219543
  - JDK-8055754: filemap.cpp does not compile with clang
219543
  - JDK-8064909: FragmentMetaspace.java got OutOfMemoryError
219543
  - JDK-8066508: JTReg tests timeout on slow devices when run using JPRT
219543
  - JDK-8066807: langtools/test/Makefile should use -agentvm not -samevm
219543
  - JDK-8071374: -XX:+PrintAssembly -XX:+PrintSignatureHandlers crash fastdebug VM with assert(limit == __null || limit <= nm->code_end()) in RelocIterator::initialize
219543
  - JDK-8073446: TimeZone getOffset API does not return a dst offset between years 2038-2137
219543
  - JDK-8074835: Resolve disabled warnings for libj2gss
219543
  - JDK-8074836: Resolve disabled warnings for libosxkrb5
219543
  - JDK-8075071: [TEST_BUG] TimSortStackSize2.java: OOME: Java heap space: MaxHeap shrinked by MaxRAMFraction
219543
  - JDK-8077364: "if( !this )" construct prevents build on Xcode 6.3
219543
  - JDK-8078855: [TEST_BUG] javax/swing/JComboBox/8032878/bug8032878.java fails in WindowsClassicLookAndFeel
219543
  - JDK-8081764: [TEST_BUG] Test javax/swing/plaf/aqua/CustomComboBoxFocusTest.java fails on Windows, Solaris Sparcv9 and Linux but passes on MacOSX
219543
  - JDK-8129511: PlatformMidi.c:83 uses malloc without malloc header
219543
  - JDK-8130308: Too low memory usage in TestPromotionFromSurvivorToTenuredAfterMinorGC.java
219543
  - JDK-8130430: [TEST_BUG] remove unnecessary internal calls from javax/swing/JRadioButton/8075609/bug8075609.java
219543
  - JDK-8132148: G1 hs_err region dump legend out of sync with region values
219543
  - JDK-8132709: [TESTBUG] gc/g1/TestHumongousShrinkHeap.java might fail on embedded
219543
  - JDK-8134672: [TEST_BUG] Some tests should check isDisplayChangeSupported
219543
  - JDK-8134883: C1 hard crash in range check elimination in Nashorn test262parallel
219543
  - JDK-8136592: [TEST_BUG] Fix 2 platform-specific closed regtests for jigsaw
219543
  - JDK-8138820: JDK Hotspot build fails with Xcode 7.0.1
219543
  - JDK-8151786: [TESTBUG] java/beans/XMLEncoder/Test4625418.java timed out intermittently
219543
  - JDK-8159898: Negative array size in java/beans/Introspector/Test8027905.java
219543
  - JDK-8166046: [TESTBUG] compiler/stringopts/TestStringObjectInitialization.java fails with OOME
219543
  - JDK-8166724: gc/g1/TestHumongousShrinkHeap.java fails with OOME
219543
  - JDK-8172188: JDI tests fail due to "permission denied" when creating temp file
219543
  - JDK-8177809: File.lastModified() is losing milliseconds (always ends in 000)
219543
  - JDK-8178403: DirectAudio in JavaSound may hang and leak
219543
  - JDK-8180478: tools/launcher/MultipleJRE.sh fails on Windows because of extra-''
219543
  - JDK-8183910: gc/arguments/TestAggressiveHeap.java fails intermittently
219543
  - JDK-8190332: PngReader throws NegativeArraySizeException/OOM error when IHDR width is very large
219543
  - JDK-8190679: java/util/Arrays/TimSortStackSize2.java fails with "Initial heap size set to a larger value than the maximum heap size"
219543
  - JDK-8191955: AArch64: incorrect prefetch distance causes an internal error
219543
  - JDK-8196092: javax/swing/JComboBox/8032878/bug8032878.java fails
219543
  - JDK-8199265: java/util/Arrays/TimSortStackSize2.java fails with OOM
219543
  - JDK-8200550: Xcode 9.3 produce warning -Wexpansion-to-defined
219543
  - JDK-8202299: Java Keystore fails to load PKCS12/PFX certificates created in WindowsServer2016
219543
  - JDK-8203196: C1 emits incorrect code due to integer overflow in _tableswitch keys
219543
  - JDK-8205014: com/sun/jndi/ldap/DeadSSLLdapTimeoutTest.java failed with "Read timed out"
219543
  - JDK-8206243: java -XshowSettings fails if memory.limit_in_bytes overflows LONG.max
219543
  - JDK-8206925: Support the certificate_authorities extension
219543
  - JDK-8209996: [PPC64] Fix JFR profiling
219543
  - JDK-8214345: infinite recursion while checking super class
219543
  - JDK-8217230: assert(t == t_no_spec) failure in NodeHash::check_no_speculative_types()
219543
  - JDK-8217348: assert(thread->is_Java_thread()) failed: just checking
219543
  - JDK-8225081: Remove Telia Company CA certificate expiring in April 2021
219543
  - JDK-8225116: Test OwnedWindowsLeak.java intermittently fails
219543
  - JDK-8228757: Fail fast if the handshake type is unknown
219543
  - JDK-8230428: Cleanup dead CastIP node code in formssel.cpp
219543
  - JDK-8231631: sun/net/ftp/FtpURLConnectionLeak.java fails intermittently with NPE
219543
  - JDK-8231841: AArch64: debug.cpp help() is missing an AArch64 line for pns
219543
  - JDK-8231949: [PPC64, s390]: Make async profiling more reliable
219543
  - JDK-8234011: (zipfs) Memory leak in ZipFileSystem.releaseDeflater()
219543
  - JDK-8239053: [8u] clean up undefined-var-template warnings
219543
  - JDK-8239400: [8u] clean up undefined-var-template warnings
219543
  - JDK-8241649: Optimize Character.toString
219543
  - JDK-8241829: Cleanup the code for PrinterJob on windows
219543
  - JDK-8242565: Policy initialization issues when the denyAfter constraint is enabled
219543
  - JDK-8243559: Remove root certificates with 1024-bit keys
219543
  - JDK-8247350: [aarch64] assert(false) failed: wrong size of mach node
219543
  - JDK-8249142: java/awt/FontClass/CreateFont/DeleteFont.sh is unstable
219543
  - JDK-8249278: Revert JDK-8226253 which breaks the spec of AccessibleState.SHOWING for JList
219543
  - JDK-8250876: Fix issues with cross-compile on macos
219543
  - JDK-8252883: AccessDeniedException caused by delayed file deletion on Windows
219543
  - JDK-8253375: OSX build fails with Xcode 12.0 (12A7209)
219543
  - JDK-8254631: Better support ALPN byte wire values in SunJSSE
219543
  - JDK-8255086: Update the root locale display names
219543
  - JDK-8255734: VM should ignore SIGXFSZ on ppc64, s390 too
219543
  - JDK-8256818: SSLSocket that is never bound or connected leaks socket resources
219543
  - JDK-8257039: [8u] GenericTaskQueue destructor is incorrect
219543
  - JDK-8257670: sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java reports leaks
219543
  - JDK-8257884: Re-enable sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java as automatic test
219543
  - JDK-8257997: sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java again reports leaks after JDK-8257884
219543
  - JDK-8257999: Parallel GC crash in gc/parallel/TestDynShrinkHeap.java: new region is not in covered_region
219543
  - JDK-8258419: RSA cipher buffer cleanup
219543
  - JDK-8258669: fastdebug jvm crashes when do event based tracing for monitor inflation
219543
  - JDK-8258753: StartTlsResponse.close() hangs due to synchronization issues
219543
  - JDK-8259271: gc/parallel/TestDynShrinkHeap.java still fails "assert(covered_region.contains(new_memregion)) failed: new region is not in covered_region"
219543
  - JDK-8259619: C1: 3-arg StubAssembler::call_RT stack-use condition is incorrect
219543
  - JDK-8259886: Improve SSL session cache performance and scalability
219543
  - JDK-8260029: aarch64: fix typo in verify_oop_array
219543
  - JDK-8260236: better init AnnotationCollector _contended_group
219543
  - JDK-8260255: C1: LoopInvariantCodeMotion constructor can leave some fields uninitialized
219543
  - JDK-8260484: CheckExamples.java / NoJavaLangTest.java fail with jtreg 4.2
219543
  - JDK-8260704: ParallelGC: oldgen expansion needs release-store for _end
219543
  - JDK-8261355: No data buffering in SunPKCS11 Cipher encryption when the underlying mechanism has no padding
219543
  - JDK-8261867: Backport relevant test changes & additions from JDK-8130125
219543
  - JDK-8262110: DST starts from incorrect time in 2038
219543
  - JDK-8262446: DragAndDrop hangs on Windows
219543
  - JDK-8262726: AArch64: C1 StubAssembler::call_RT can corrupt stack
219543
  - JDK-8262730: Enable jdk8u MacOS external debug symbols
219543
  - JDK-8262864: No debug symbols in image for Windows --with-native-debug-symbols=external
219543
  - JDK-8263061: copy wrong unpack200 debuginfo to bin directory after 8252395
219543
  - JDK-8263504: Some OutputMachOpcodes fields are uninitialized
219543
  - JDK-8263600: change rmidRunning to a simple lookup
219543
  - JDK-8264509: jdk8u MacOS zipped debug symbols won't build
219543
  - JDK-8264562: assert(verify_field_bit(1)) failed: Attempting to write an uninitialized event field: type
219543
  - JDK-8264640: CMS ParScanClosure misses a barrier
219543
  - JDK-8264816: Weak handles leak causes GC to take longer
219543
  - JDK-8265462: Handle multiple slots in the NSS Internal Module from SunPKCS11's Secmod
219543
  - JDK-8265666: Enable AIX build platform to make external debug symbols
219543
  - JDK-8265832: runtime/StackGap/testme.sh fails to compile in 8u
219543
  - JDK-8265988: Fix sun/text/IntHashtable/Bug4170614 for JDK 8u
219543
  - JDK-8266191: Missing aarch64 parts of JDK-8181872 (C1: possible overflow when strength reducing integer multiply by constant)
219543
  - JDK-8266723: JFR periodic events are causing extra allocations
219543
  - JDK-8266929: Unable to use algorithms from 3p providers
219543
  - JDK-8267235: [macos_aarch64] InterpreterRuntime::throw_pending_exception messing up LR results in crash
219543
  - JDK-8267426: MonitorVmStartTerminate test timed out on Embedded VM
219543
  - JDK-8267545: [8u] Enable Xcode 12 builds on macOS
219543
  - JDK-8267689: [aarch64] Crash due to bad shift in indirect addressing mode
219543
  - JDK-8268444: keytool -v -list print is incorrect after backport JDK-8141457
219543
  - JDK-8269388: Default build of OpenJDK 8 fails on newer GCCs with warnings as errors on format-overflow
219543
  - JDK-8269468: JDK-8269388 breaks the build on older GCCs
219543
  - JDK-8270533: AArch64: size_fits_all_mem_uses should return false if its output is a CAS
219543
* Shenandoah
219543
  - [backport] JDK-8259580: Shenandoah: uninitialized label in VerifyThreadGCState
219543
  - [backport] JDK-8259954: gc/shenandoah/mxbeans tests fail with -Xcomp
219543
  - [backport] JDK-8261251: Shenandoah: Use object size for full GC humongous
219543
  - [backport] JDK-8261413: Shenandoah: Disable class-unloading in I-U mode
219543
  - [backport] JDK-8265239: Shenandoah: Shenandoah heap region count could be off by 1
219543
  - [backport] JDK-8266802: Shenandoah: Round up region size to page size unconditionally
219543
  - [backport] JDK-8267561: Shenandoah: Reference processing not properly setup for outside of cycle degenerated GC
219543
  - [backport] JDK-8268127: Shenandoah: Heap size may be too small for region to align to large page size
219543
  - [backport] JDK-8268699: Shenandoah: Add test for JDK-8268127
219543
  - Shenandoah: Process weak roots during class unloading cycle
219543
219543
Notes on individual issues:
219543
===========================
219543
219543
security-libs/java.security:
219543
219543
JDK-8256902: Removed Root Certificates with 1024-bit Keys
219543
=========================================================
219543
The following root certificates with weak 1024-bit RSA public keys
219543
have been removed from the `cacerts` keystore:
219543
219543
Alias Name: thawtepremiumserverca [jdk]
219543
Distinguished Name: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
219543
219543
Alias Name: verisignclass2g2ca [jdk]
219543
Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
219543
219543
Alias Name: verisignclass3ca [jdk]
219543
Distinguished Name: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
219543
219543
Alias Name: verisignclass3g2ca [jdk]
219543
Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
219543
219543
Alias Name: verisigntsaca [jdk]
219543
Distinguished Name: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA
219543
219543
JDK-8261361: Removed Telia Company's Sonera Class2 CA certificate
219543
=================================================================
219543
219543
The following root certificate have been removed from the cacerts truststore:
219543
219543
Alias Name: soneraclass2ca
219543
Distinguished Name: CN=Sonera Class2 CA, O=Sonera, C=FI
219543
219543
security-libs/javax.net.ssl:
219543
219543
JDK-8257548: Improve Encoding of TLS Application-Layer Protocol Negotiation (ALPN) Values
219543
=========================================================================================
219543
Certain TLS ALPN values couldn't be properly read or written by the
219543
SunJSSE provider. This is due to the choice of Strings as the API
219543
interface and the undocumented internal use of the UTF-8 Character Set
219543
which converts characters larger than U+00007F (7-bit ASCII) into
219543
multi-byte arrays that may not be expected by a peer.
219543
219543
ALPN values are now represented using the network byte representation
219543
expected by the peer, which should require no modification for
219543
standard 7-bit ASCII-based character Strings. However, SunJSSE now
219543
encodes/decodes String characters as 8-bit ISO_8859_1/LATIN-1
219543
characters.  This means applications that used characters above
219543
U+000007F that were previously encoded using UTF-8 may need to either
219543
be modified to perform the UTF-8 conversion, or set the Java security
219543
property `jdk.tls.alpnCharset` to "UTF-8" revert the behavior.
219543
219543
See the updated guide at
219543
https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/alpn.html
219543
for more information.
219543
219543
JDK-8244460: Support for certificate_authorities Extension
219543
==========================================================
219543
The "certificate_authorities" extension is an optional extension
219543
introduced in TLS 1.3. It is used to indicate the certificate
219543
authorities (CAs) that an endpoint supports and should be used by the
219543
receiving endpoint to guide certificate selection.
219543
219543
With this JDK release, the "certificate_authorities" extension is
219543
supported for TLS 1.3 in both the client and the server sides.  This
219543
extension is always present for client certificate selection, while it
219543
is optional for server certificate selection.
219543
219543
Applications can enable this extension for server certificate
219543
selection by setting the `jdk.tls.client.enableCAExtension` system
219543
property to `true`.  The default value of the property is `false`.
219543
219543
Note that if the client trusts more CAs than the size limit of the
219543
extension (less than 2^16 bytes), the extension is not enabled.  Also,
219543
some server implementations do not allow handshake messages to exceed
219543
2^14 bytes.  Consequently, there may be interoperability issues when
219543
`jdk.tls.client.enableCAExtension` is set to `true` and the client
219543
trusts more CAs than the server implementation limit.
219543
b562af
New in release OpenJDK 8u292 (2021-04-20):
b562af
===========================================
b562af
Live versions of these release notes can be found at:
b562af
  * https://bitly.com/openjdk8u292
b562af
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u292.txt
b562af
b562af
* Security fixes
b562af
  - JDK-8227467: Better class method invocations
b562af
  - JDK-8244473: Contextualize registration for JNDI
b562af
  - JDK-8244543: Enhanced handling of abstract classes
b562af
  - JDK-8249906, CVE-2021-2163: Enhance opening JARs
b562af
  - JDK-8250568, CVE-2021-2161: Less ambiguous processing
b562af
  - JDK-8253799: Make lists of normal filenames
b562af
* Other changes
b562af
  - JDK-6345095: regression test EmptyClipRenderingTest fails
b562af
  - JDK-6896810: TEST_BUG: java/lang/ref/SoftReference/Pin.java fails with OOME during System.out.println
b562af
  - JDK-6949753: [TEST BUG]: java/awt/print/PageFormat/PDialogTest.java needs update by removing a infinite loop
b562af
  - JDK-7107012: sun.jvm.hotspot.code.CompressedReadStream readDouble() conversion to long mishandled
b562af
  - JDK-7112454: TEST_BUG: java/awt/Choice/PopdownGeneratesMouseEvents/PopdownGeneratesMouseEvents.html failed
b562af
  - JDK-7131835: [TEST_BUG] Test does not consider that the rounded edges of the window in Mac OS 10.7
b562af
  - JDK-7185221: [macosx] Regtest should not throw exception if a suitable display mode found
b562af
  - JDK-8031126: java/lang/management/ThreadMXBean/ThreadUserTime.java fails intermittently
b562af
  - JDK-8035166: Remove dependency on EC classes from pkcs11 provider
b562af
  - JDK-8035186: j2se_jdk/jdk/test/java/lang/invoke/lambda/LogGeneratedClassesTest.java - assertion error
b562af
  - JDK-8038723: Openup some PrinterJob tests
b562af
  - JDK-8041464: [TEST_BUG] CustomClassLoaderTransferTest does not support OS X
b562af
  - JDK-8041561: Inconsistent opacity behaviour between JCheckBox and JRadioButton
b562af
  - JDK-8061777: (zipfs) IllegalArgumentException in ZipCoder.toString when using Shitft_JIS
b562af
  - JDK-8078024: javac, several incorporation steps are silently failing when an error should be reported
b562af
  - JDK-8078450: Implement consistent process for quarantine of tests
b562af
  - JDK-8078614: WindowsClassicLookAndFeel MetalComboBoxUI.getbaseLine fails with IllegalArgumentException
b562af
  - JDK-8080953: [TEST_BUG]Test java/awt/FontClass/DebugFonts.java fails due to wrongly typed bugid
b562af
  - JDK-8081547: Prepare client libs regression tests for running in a concurrent, headless jtreg environment
b562af
  - JDK-8129626: G1: set_in_progress() and clear_started() needs a barrier on non-TSO platforms
b562af
  - JDK-8141457: keytool default cert fingerprint algorithm should be SHA-256
b562af
  - JDK-8145051: Wrong parameter name in synthetic lambda method leads to verifier error
b562af
  - JDK-8150204: (fs) Enhance java/nio/file/Files/probeContentType/Basic.java debugging output
b562af
  - JDK-8158525: Update a few java/net tests to use the loopback address instead of the host address
b562af
  - JDK-8160217: JavaSound should clean up resources better
b562af
  - JDK-8167281: IIOMetadataNode bugs in getElementsByTagName and NodeList.item methods
b562af
  - JDK-8168996: C2 crash at postaloc.cpp:140 : assert(false) failed: unexpected yanked node
b562af
  - JDK-8171410: aarch64: long multiplyExact shifts by 31 instead of 63
b562af
  - JDK-8172404: Tools should warn if weak algorithms are used before restricting them
b562af
  - JDK-8185934: keytool shows "Signature algorithm: SHA1withECDSA, -1-bit key"
b562af
  - JDK-8191915: JCK tests produce incorrect results with C2
b562af
  - JDK-8198334: java/awt/FileDialog/8003399/bug8003399.java fails in headless mode
b562af
  - JDK-8202343: Disable TLS 1.0 and 1.1
b562af
  - JDK-8209333: Socket reset issue for TLS 1.3 socket close
b562af
  - JDK-8211301: [macos] support full window content options
b562af
  - JDK-8211339: NPE during SSL handshake caused by HostnameChecker
b562af
  - JDK-8216987: ciMethodData::load_data() unpacks MDOs with non-atomic copy
b562af
  - JDK-8217338: [Containers] Improve systemd slice memory limit support
b562af
  - JDK-8219991: New fix of the deadlock in sun.security.ssl.SSLSocketImpl
b562af
  - JDK-8221408: Windows 32bit build build errors/warnings in hotspot
b562af
  - JDK-8223186: HotSpot compile warnings from GCC 9
b562af
  - JDK-8225435: Upgrade IANA Language Subtag Registry to the latest for JDK14
b562af
  - JDK-8225805: Java Access Bridge does not close the logger
b562af
  - JDK-8226899: Problemlist compiler/rtm tests
b562af
  - JDK-8227642: [TESTBUG] Make docker tests podman compatible
b562af
  - JDK-8228434: jdk/net/Sockets/Test.java fails after JDK-8227642
b562af
  - JDK-8229284: jdk/internal/platform/cgroup/TestCgroupMetrics.java fails for - memory:getMemoryUsage
b562af
  - JDK-8230388: Problemlist additional compiler/rtm tests
b562af
  - JDK-8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR
b562af
  - JDK-8234727: sun/security/ssl/X509TrustManagerImpl tests support TLSv1.3
b562af
  - JDK-8234728: Some security tests should support TLSv1.3
b562af
  - JDK-8235263: Revert TLS 1.3 change that wrapped IOExceptions
b562af
  - JDK-8235311: Tag mismatch may alert bad_record_mac
b562af
  - JDK-8235874: The ordering of Cipher Suites is not maintained provided through jdk.tls.client.cipherSuites and jdk.tls.server.cipherSuites system property.
b562af
  - JDK-8236500: Windows ucrt.dll should be looked up in versioned WINSDK subdirectory
b562af
  - JDK-8238579: HttpsURLConnection drops the timeout and hangs forever in read
b562af
  - JDK-8239091: Reversed arguments in call to strstr in freetype "debug" code.
b562af
  - JDK-8240353: AArch64: missing support for -XX:+ExtendedDTraceProbes in C1
b562af
  - JDK-8240827: Downport SSLSocketImpl.java from "8221882: Use fiber-friendly java.util.concurrent.locks in JSSE"
b562af
  - JDK-8242141: New System Properties to configure the TLS signature schemes
b562af
  - JDK-8244621: [macos10.15] Garbled FX printing plus CoreText warnings on Catalina when building with Xcode 11
b562af
  - JDK-8248336: AArch64: C2: offset overflow in BoxLockNode::emit
b562af
  - JDK-8249183: JVM crash in "AwtFrame::WmSize" method
b562af
  - JDK-8249251: [dark_mode ubuntu 20.04] The selected menu is not highlighted in GTKLookAndFeel
b562af
  - JDK-8249588: libwindowsaccessbridge issues on 64bit Windows
b562af
  - JDK-8250582: Revert Principal Name type to NT-UNKNOWN when requesting TGS Kerberos tickets
b562af
  - JDK-8250984: Memory Docker tests fail on some Linux kernels w/o cgroupv1 swap limit capabilities
b562af
  - JDK-8251397: NPE on ClassValue.ClassValueMap.cacheArray
b562af
  - JDK-8252470: java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java fails on Windows
b562af
  - JDK-8253368: TLS connection always receives close_notify exception
b562af
  - JDK-8253476: TestUseContainerSupport.java fails on some Linux kernels w/o swap limit capabilities
b562af
  - JDK-8253932: SSL debug log prints incorrect caller info
b562af
  - JDK-8254854: [cgroups v1] Metric limits not properly detected on some join controller combinations
b562af
  - JDK-8255880: UI of Swing components is not redrawn after their internal state changed
b562af
  - JDK-8255908: ExceptionInInitializerError due to UncheckedIOException while initializing cgroupv1 subsystem
b562af
  - JDK-8255937: Better cleanup for test/jdk/javax/imageio/stream/StreamFlush.java
b562af
  - JDK-8256421: Add 2 HARICA roots to cacerts truststore
b562af
  - JDK-8256642: [TEST_BUG] jdk/test/javax/sound/midi/MidiSystem/DefaultProperties.java failed
b562af
  - JDK-8258079: Eliminate ParNew's use of klass_or_null()
b562af
  - JDK-8256682: JDK-8202343 is incomplete
b562af
  - JDK-8257746: Regression introduced with JDK-8250984 - memory might be null in some machines
b562af
  - JDK-8258241: [8u] Missing doPrivileged() hunks from JDK-8226575
b562af
  - JDK-8258247: Couple of issues in fix for JDK-8249906
b562af
  - JDK-8258396: SIGILL in jdk.jfr.internal.PlatformRecorder.rotateDisk()
b562af
  - JDK-8258430: 8u backport of JDK-8063107 missing test/javax/swing/JRadioButton/8041561/bug8041561.java changes
b562af
  - JDK-8258833: Cancel multi-part cipher operations in SunPKCS11 after failures
b562af
  - JDK-8258933: G1 needs klass_or_null_acquire
b562af
  - JDK-8259048: (tz) Upgrade time-zone data to tzdata2020f
b562af
  - JDK-8259312: VerifyCACerts.java fails as soneraclass2ca cert will
b562af
  - JDK-8259384: CUP version wrong in THIRD_PARTY_README after JDK-8233548
b562af
  - JDK-8259428: AlgorithmId.getEncodedParams() should return copy
b562af
  - JDK-8259568: PPC64 builds broken after JDK-8221408 8u backport
b562af
  - JDK-8260349: Cannot programmatically retrieve Metaspace max set via JAVA_TOOL_OPTIONS
b562af
  - JDK-8260356: (tz) Upgrade time-zone data to tzdata2021a
b562af
  - JDK-8260930: AARCH64: Invalid value passed to critical JNI function
b562af
  - JDK-8261183: Follow on to Make lists of normal filenames
b562af
  - JDK-8261231: Windows IME was disabled after DnD operation
b562af
  - JDK-8261766: [8u] hotspot needs to recognise cl.exe 19.16 to build with VS2017
b562af
  - JDK-8262073: assert(allocates2(pc)) failed: not in CodeBuffer memory
b562af
  - JDK-8262075: sun/security/krb5/auto/UseCacheAndStoreKey.java timed out intermittently
b562af
  - JDK-8263008: AARCH64: Add debug info for libsaproc.so
b562af
  - JDK-8264171: Missing aarch64 parts of JDK-8236179 (C1 register allocation failure with T_ADDRESS)
b562af
* Shenandoah
b562af
  - Normalise whitespace in AArch64 sources prior to merge of upstreamed version in 8u292-b01.
b562af
  - Revert differences against upstream 8u
b562af
  - [backport] 8202976: Add C1 lea patching support for x86
b562af
  - [backport] 8221507: Implement JFR Events for Shenandoah
b562af
  - [backport] 8224573: Fix windows build after JDK-8221507
b562af
  - [backport] 8228369: Shenandoah: Refactor LRB C1 stubs
b562af
  - [backport] 8229474: Shenandoah: Cleanup CM::update_roots()
b562af
  - [backport] 8229709: x86_32 build and test failures after JDK-8228369 (Shenandoah: Refactor LRB C1 stubs)
b562af
  - [backport] 8231087: Shenandoah: Self-fixing load reference barriers for C1/C2
b562af
  - [backport] 8232747: Shenandoah: Concurrent GC should deactivate SATB before processing weak roots
b562af
  - [backport] 8232992: Shenandoah: Implement self-fixing interpreter LRB
b562af
  - [backport] 8233021: Shenandoah: SBSC2::is_shenandoah_lrb_call should match all LRB shapes
b562af
  - [backport] 8233165: Shenandoah:SBSA::gen_load_reference_barrier_stub() should use pointer register for address on aarch64
b562af
  - [backport] 8233574: Shenandoah: build is broken without jfr
b562af
  - [backport] 8237837: Shenandoah: assert(mem == __null) failed: only one safepoint
b562af
  - [backport] 8238153: CTW: C2 (Shenandoah) compilation fails with "Unknown node in get_load_addr: CreateEx"
b562af
  - [backport] 8238851: Shenandoah: C1: Resolve into registers of correct type
b562af
  - [backport] 8240315: Shenandoah: Rename ShLBN::get_barrier_strength()
b562af
  - [backport] 8240751: Shenandoah: fold ShenandoahTracer definition
b562af
  - [backport] 8241765: Shenandoah: AARCH64 need to save/restore call clobbered registers before calling keepalive barrier
b562af
  - [backport] 8244510: Shenandoah: invert SHC2Support::is_in_cset condition
b562af
  - [backport] 8244663: Shenandoah: C2 assertion fails in Matcher::collect_null_checks
b562af
  - [backport] 8244721: CTW: C2 (Shenandoah) compilation fails with "unexpected infinite loop graph shape"
b562af
  - [backport] 8251451: Shenandoah: Remark ObjectSynchronizer roots with I-U
b562af
  - [backport] 8252660: Shenandoah: support manageable SoftMaxHeapSize option
b562af
  - [backport] 8253224: Shenandoah: ShenandoahStrDedupQueue destructor calls virtual num_queues()
b562af
  - [backport] 8253778: ShenandoahSafepoint::is_at_shenandoah_safepoint should not access VMThread state from other threads
b562af
  - [backport] 8255457: Shenandoah: cleanup ShenandoahMarkTask
b562af
  - [backport] 8255760: Shenandoah: match constants style in ShenandoahMarkTask fallback
b562af
  - [backport] 8256806: Shenandoah: optimize shenandoah/jni/TestPinnedGarbage.java test
b562af
  - [backport] 8257641: Shenandoah: Query is_at_shenandoah_safepoint() from control thread should return false
b562af
  - Fix register allocation for thread register is 32bit LRB
b562af
  - Fix Shenandoah bindings in ADLC formssel
b562af
  - Shenandoah: Backed out weak roots cleaning during full gc
b562af
b562af
Notes on individual issues:
b562af
===========================
b562af
b562af
security-libs/java.security:
b562af
b562af
JDK-8260597: Added 2 HARICA Root CA Certificates
b562af
================================================
b562af
b562af
The following root certificates have been added to the cacerts truststore:
b562af
b562af
Alias Name: haricarootca2015
b562af
Distinguished Name: CN=Hellenic Academic and Research Institutions RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR
b562af
b562af
Alias Name: haricaeccrootca2015
b562af
Distinguished Name: CN=Hellenic Academic and Research Institutions ECC RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR
b562af
b562af
JDK-8236730: Weak Named Curves in TLS, CertPath, and Signed JAR Disabled by Default
b562af
===================================================================================
b562af
Weak named curves are disabled by default by adding them to the
b562af
following `disabledAlgorithms` security properties:
b562af
b562af
* jdk.tls.disabledAlgorithms
b562af
* jdk.certpath.disabledAlgorithms
b562af
* jdk.jar.disabledAlgorithms
b562af
b562af
Red Hat has always disabled many of the curves provided by upstream,
b562af
so the only addition in this release is:
b562af
b562af
* secp256k1
b562af
b562af
The curves that remain enabled are:
b562af
b562af
* secp256r1
b562af
* secp384r1
b562af
* secp521r1
b562af
* X25519
b562af
* X448
b562af
b562af
When large numbers of weak named curves need to be disabled, adding
b562af
individual named curves to each `disabledAlgorithms` property would be
b562af
overwhelming. To relieve this, a new security property,
b562af
`jdk.disabled.namedCurves`, is implemented that can list the named
b562af
curves common to all of the `disabledAlgorithms` properties. To use
b562af
the new property in the `disabledAlgorithms` properties, precede the
b562af
full property name with the keyword `include`.  Users can still add
b562af
individual named curves to `disabledAlgorithms` properties separate
b562af
from this new property.  No other properties can be included in the
b562af
`disabledAlgorithms` properties.
b562af
b562af
To restore the named curves, remove the `include
b562af
jdk.disabled.namedCurves` either from specific or from all
b562af
`disabledAlgorithms` security properties. To restore one or more
b562af
curves, remove the specific named curve(s) from the
b562af
`jdk.disabled.namedCurves` property.
b562af
b562af
JDK-8244286: Tools Warn If Weak Algorithms Are Used
b562af
===================================================
b562af
The `keytool` and `jarsigner` tools have been updated to warn users
b562af
when weak cryptographic algorithms are used in keys, certificates, and
b562af
signed JARs before they are disabled. The weak algorithms are set in
b562af
the `jdk.security.legacyAlgorithms` security property in the
b562af
`java.security` configuration file. In this release, the tools issue
b562af
warnings for the SHA-1 hash algorithm and 1024-bit RSA/DSA keys.
b562af
b562af
security-libs/javax.net.ssl:
b562af
b562af
JDK-8256490: Disable TLS 1.0 and 1.1
b562af
====================================
b562af
TLS 1.0 and 1.1 are versions of the TLS protocol that are no longer
b562af
considered secure and have been superseded by more secure and modern
b562af
versions (TLS 1.2 and 1.3).
b562af
b562af
These versions have now been disabled by default. If you encounter
b562af
issues, you can, at your own risk, re-enable the versions by removing
b562af
"TLSv1" and/or "TLSv1.1" from the `jdk.tls.disabledAlgorithms`
b562af
security property in the `java.security` configuration file.
b562af
b562af
JDK-8242147: New System Properties to Configure the TLS Signature Schemes
b562af
=========================================================================
b562af
Two new system properties have been added to customize the TLS
b562af
signature schemes in JDK. `jdk.tls.client.SignatureSchemes` has been
b562af
added for the TLS client side, and `jdk.tls.server.SignatureSchemes`
b562af
has been added for the server side.
b562af
b562af
Each system property contains a comma-separated list of supported
b562af
signature scheme names specifying the signature schemes that could be
b562af
used for the TLS connections.
b562af
b562af
The names are described in the "Signature Schemes" section of the
b562af
*Java Security Standard Algorithm Names Specification*.
b562af
b562af
tools/javac:
b562af
b562af
JDK-8177368: Several incorporation steps are silently failing when an error should be reported
b562af
==============================================================================================
b562af
Reporting previously silent errors found during incorporation, JLS
b562af
8ยง18.3, was supposed to be a clean-up with performance only
b562af
implications. But consider the test case:
b562af
b562af
import java.util.Arrays;
b562af
import java.util.List;
b562af
b562af
class Klass {
b562af
  public static  List<List<A>> foo(List... lists) {
b562af
    return foo(Arrays.asList(lists));
b562af
    }
b562af
b562af
  public static  List<List<B>> foo(List> lists) {
b562af
    return null;
b562af
  }
b562af
}
b562af
b562af
This code was not accepted before the patch for [1], but after this
b562af
patch the compiler is accepting it. Accepting this code is the right
b562af
behavior as not reporting incorporation errors was a bug in the
b562af
compiler.  While determining the applicability of method: 
b562af
List<List<B>> foo(List> lists) for which
b562af
we have the constraints: b <: Object t <: List t<:Object
b562af
List <: t first, inference variable b is selected for
b562af
instantiation: b = CAP1 of ? extends A so this implies that: t <:
b562af
List t<: Object List <: t
b562af
b562af
Now all the bounds are checked for consistency. While checking if
b562af
List is a subtype of List
b562af
a bound error is reported. Before the compiler was just swallowing
b562af
it. As now the error is reported while inference variable b is being
b562af
instantiated, the bound set is rolled back to it's initial state, 'b'
b562af
is instantiated to Object, and with this instantiation the constraint
b562af
set is solvable, the method is applicable, it's the only applicable
b562af
one and the code is accepted as correct. The compiler behavior in this
b562af
case is defined at JLS 8 ยง18.4
b562af
b562af
This fix has source compatibility impact, right now code that wasn't
b562af
being accepted is now being accepted by the javac compiler. Currently
b562af
there are no reports of any other kind of incompatibility.
b562af
b562af
[1] https://bugs.openjdk.java.net/browse/JDK-8078024
b562af
b6c39c
New in release OpenJDK 8u282 (2021-01-19):
b6c39c
===========================================
b6c39c
Live versions of these release notes can be found at:
b6c39c
  * https://bitly.com/openjdk8u282
b6c39c
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u282.txt
b6c39c
b6c39c
* Security fixes
b6c39c
  - JDK-8247619: Improve Direct Buffering of Characters
b6c39c
* Other changes
b6c39c
  - JDK-6962725: Regtest javax/swing/JFileChooser/6738668/bug6738668.java fails under Linux
b6c39c
  - JDK-8008657: JSpinner setComponentOrientation doesn't affect on text orientation
b6c39c
  - JDK-8022535: [TEST BUG] javax/swing/text/html/parser/Test8017492.java fails
b6c39c
  - JDK-8025936: Windows .pdb and .map files does not have proper dependencies setup
b6c39c
  - JDK-8030350: Enable additional compiler warnings for GCC
b6c39c
  - JDK-8031423: Test java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java fails by Timeout on Windows
b6c39c
  - JDK-8036122: Fix warning 'format not a string literal'
b6c39c
  - JDK-8039279: Move awt tests to openjdk repository
b6c39c
  - JDK-8041592: [TEST_BUG] Move 42 AWT hw/lw mixing tests to jdk
b6c39c
  - JDK-8043126: move awt automated functional tests from AWT_Events/Lw and AWT_Events/AWT to OpenJDK repository
b6c39c
  - JDK-8043131: Move ShapedAndTranslucentWindows and GC functional AWT tests to regression tree
b6c39c
  - JDK-8043899: compiler/5091921/Test7005594.java fails if specified -Xmx is less than 1600m
b6c39c
  - JDK-8044157: [TEST_BUG] Improve recently submitted AWT_Mixing tests
b6c39c
  - JDK-8044172: [TEST_BUG] Move regtests for 4523758 and AltPlusNumberKeyCombinationsTest to jdk
b6c39c
  - JDK-8044429: move awt automated tests for AWT_Modality to OpenJDK repository
b6c39c
  - JDK-8044765: Move functional tests AWT_SystemTray/Automated to openjdk repository
b6c39c
  - JDK-8046221: [TEST_BUG] Cleanup datatransfer tests
b6c39c
  - JDK-8047180: Move functional tests AWT_Headless/Automated to OpenJDK repository
b6c39c
  - JDK-8047367: move awt automated tests from AWT_Modality to OpenJDK repository - part 2
b6c39c
  - JDK-8048246: Move AWT_DnD/Clipboard/Automated functional tests to OpenJDK
b6c39c
  - JDK-8049617: move awt automated tests from AWT_Modality to OpenJDK repository - part 3
b6c39c
  - JDK-8049694: Migrate functional AWT_DesktopProperties/Automated tests to OpenJDK
b6c39c
  - JDK-8050885: move awt automated tests from AWT_Modality to OpenJDK repository - part 4
b6c39c
  - JDK-8051440: move tests about maximizing undecorated to OpenJDK
b6c39c
  - JDK-8051853: new URI("x/").resolve("..").getSchemeSpecificPart() returns null!
b6c39c
  - JDK-8052012: move awt automated tests from AWT_Modality to OpenJDK repository - part 5
b6c39c
  - JDK-8052408: Move AWT_BAT functional tests to OpenJDK (3 of 3)
b6c39c
  - JDK-8053657: [TEST_BUG] move some 5 tests related to undecorated Frame/JFrame to JDK
b6c39c
  - JDK-8054143: move awt automated tests from AWT_Modality to OpenJDK repository - part 6
b6c39c
  - JDK-8054358: move awt automated tests from AWT_Modality to OpenJDK repository - part 7
b6c39c
  - JDK-8054359: move awt automated tests from AWT_Modality to OpenJDK repository - part 8
b6c39c
  - JDK-8055360: Move the rest part of AWT ShapedAndTranslucent tests to OpenJDK
b6c39c
  - JDK-8055664: move 14 tests about setLocationRelativeTo to jdk
b6c39c
  - JDK-8055836: move awt tests from AWT_Modality to OpenJDK repository - part 9
b6c39c
  - JDK-8057694: move awt tests from AWT_Modality to OpenJDK repository - part 10
b6c39c
  - JDK-8058805: [TEST_BUG]Test java/awt/TrayIcon/SecurityCheck/NoPermissionTest/NoPermissionTest.java fails
b6c39c
  - JDK-8062808: Turn on the -Wreturn-type warning
b6c39c
  - JDK-8063102: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 1
b6c39c
  - JDK-8063104: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 2
b6c39c
  - JDK-8063106: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 1
b6c39c
  - JDK-8063107: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 2
b6c39c
  - JDK-8064573: [TEST_BUG] javax/swing/text/AbstractDocument/6968363/Test6968363.java is asocial pressing VK_LEFT and not releasing
b6c39c
  - JDK-8064575: [TEST_BUG] javax/swing/JEditorPane/6917744/bug6917744.java 100 times press keys and never releases
b6c39c
  - JDK-8064809: [TEST_BUG] javax/swing/JComboBox/4199622/bug4199622.java contains a lot of keyPress and not a single keyRelease
b6c39c
  - JDK-8067441: Some tests fails with error: cannot find symbol getSystemMnemonicKeyCodes()
b6c39c
  - JDK-8068228: Test closed/java/awt/Mouse/MaximizedFrameTest/MaximizedFrameTest fails with GTKLookAndFeel
b6c39c
  - JDK-8068275: Some tests failed after JDK-8063104
b6c39c
  - JDK-8069211: (zipfs) ZipFileSystem creates corrupted zip if entry output stream gets closed more than once
b6c39c
  - JDK-8074807: Fix some tests unnecessary using internal API
b6c39c
  - JDK-8076315: move 4 manual functional swing tests to regression suite
b6c39c
  - JDK-8130772: Util.hitMnemonics does not work: getSystemMnemonicKeyCodes() returns ALT_MASK rather than VK_ALT
b6c39c
  - JDK-8132664: closed/javax/swing/DataTransfer/DefaultNoDrop/DefaultNoDrop.java locks on Windows
b6c39c
  - JDK-8134632: Mark javax/sound/midi/Devices/InitializationHang.java as headful
b6c39c
  - JDK-8148854: Class names "SomeClass" and "LSomeClass;" treated by JVM as an equivalent
b6c39c
  - JDK-8148916: Mark bug6400879.java as intermittently failing
b6c39c
  - JDK-8148983: Fix extra comma in changes for JDK-8148916
b6c39c
  - JDK-8152545: Use preprocessor instead of compiling a program to generate native nio constants
b6c39c
  - JDK-8156803: Turn StressLCM/StressGCM flags to diagnostic
b6c39c
  - JDK-8160438: javax/swing/plaf/nimbus/8057791/bug8057791.java fails
b6c39c
  - JDK-8160761: [TESTBUG] Several compiler tests fail with product bits
b6c39c
  - JDK-8163161: [PIT][TEST_BUG] increase timeout in javax/swing/plaf/nimbus/8057791/bug8057791.java
b6c39c
  - JDK-8165808: Add release barriers when allocating objects with concurrent collection
b6c39c
  - JDK-8166015: [PIT][TEST_BUG] stray character in java/awt/Focus/ModalDialogActivationTest/ModalDialogActivationTest.java
b6c39c
  - JDK-8166583: Add oopDesc::klass_or_null_acquire()
b6c39c
  - JDK-8166663: Simplify oops_on_card_seq_iterate_careful
b6c39c
  - JDK-8166862: CMS needs klass_or_null_acquire
b6c39c
  - JDK-8168292: [TESTBUG] [macosx] Test java/awt/TrayIcon/DragEventSource/DragEventSource.java fails on OS X
b6c39c
  - JDK-8168682: jdk/test/java/lang/ClassLoader/forNameLeak/ClassForNameLeak.java fails with -Xcomp
b6c39c
  - JDK-8179083: Uninitialized notifier in Java Monitor Wait tracing event
b6c39c
  - JDK-8185003: JMX: Add a version of ThreadMXBean.dumpAllThreads with a maxDepth argument
b6c39c
  - JDK-8197981: Missing return statement in __sync_val_compare_and_swap_8
b6c39c
  - JDK-8202076: test/jdk/java/io/File/WinSpecialFiles.java on windows with VS2017
b6c39c
  - JDK-8205507: jdk/javax/xml/crypto/dsig/GenerationTests.java timed out
b6c39c
  - JDK-8207766: [testbug] Adapt tests for Aix.
b6c39c
  - JDK-8212070: Introduce diagnostic flag to abort VM on failed JIT compilation
b6c39c
  - JDK-8213448: [TESTBUG] enhance jfr/jvm/TestDumpOnCrash
b6c39c
  - JDK-8215727: Restore JFR thread sampler loop to old / previous behavior
b6c39c
  - JDK-8217362: Emergency dump does not work when disk=false is set
b6c39c
  - JDK-8217766: Container Support doesn't work for some Join Controllers combinations
b6c39c
  - JDK-8219013: Update Apache Santuario (XML Signature) to version 2.1.3
b6c39c
  - JDK-8219562: Line of code in osContainer_linux.cpp L102 appears unreachable
b6c39c
  - JDK-8220579: [Containers] SubSystem.java out of sync with osContainer_linux.cpp
b6c39c
  - JDK-8220657: JFR.dump does not work when filename is set
b6c39c
  - JDK-8221340: [TESTBUG] TestCgroupMetrics.java fails after fix for JDK-8219562
b6c39c
  - JDK-8221342: [TESTBUG] Generate Dockerfile for docker testing
b6c39c
  - JDK-8221710: [TESTBUG] more configurable parameters for docker testing
b6c39c
  - JDK-8223108: Test java/awt/EventQueue/NonComponentSourcePost.java is unstable
b6c39c
  - JDK-8224502: [TESTBUG] JDK docker test TestSystemMetrics.java fails with access issues and OOM
b6c39c
  - JDK-8225072: Add LuxTrust certificate that is expiring in March 2021 to list of allowed but expired certs
b6c39c
  - JDK-8227006: [linux] Runtime.availableProcessors execution time increased by factor of 100
b6c39c
  - JDK-8229868: Update Apache Santuario TPRM version
b6c39c
  - JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes() can be quicker for self thread
b6c39c
  - JDK-8231968: getCurrentThreadAllocatedBytes default implementation s/b getThreadAllocatedBytes
b6c39c
  - JDK-8232114: JVM crashed at imjpapi.dll in native code
b6c39c
  - JDK-8233548: Update CUP to v0.11b
b6c39c
  - JDK-8234270: [REDO] JDK-8204128 NMT might report incorrect numbers for Compiler area
b6c39c
  - JDK-8234339: replace JLI_StrTok in java_md_solinux.c
b6c39c
  - JDK-8238448: RSASSA-PSS signature verification fail when using certain odd key sizes
b6c39c
  - JDK-8239105: Add exception for expiring Digicert root certificates to VerifyCACerts test
b6c39c
  - JDK-8242335: Additional Tests for RSASSA-PSS
b6c39c
  - JDK-8242480: Negative value may be returned by getFreeSwapSpaceSize() in the docker
b6c39c
  - JDK-8244225: stringop-overflow warning on strncpy call from compile_the_world_in
b6c39c
  - JDK-8245400: Upgrade to LittleCMS 2.11
b6c39c
  - JDK-8246648: issue with OperatingSystemImpl getFreeSwapSpaceSize in docker after 8242480
b6c39c
  - JDK-8248214: Add paddings for TaskQueueSuper to reduce false-sharing cache contention
b6c39c
  - JDK-8249176: Update GlobalSignR6CA test certificates
b6c39c
  - JDK-8249846: Change of behavior after JDK-8237117: Better ForkJoinPool behavior
b6c39c
  - JDK-8250636: iso8601_time returns incorrect offset part on MacOS
b6c39c
  - JDK-8250665: Wrong translation for the month name of May in ar_JO,LB,SY
b6c39c
  - JDK-8250928: JFR: Improve hash algorithm for stack traces
b6c39c
  - JDK-8251365: Build failure on AIX after 8250636
b6c39c
  - JDK-8251469: Better cleanup for test/jdk/javax/imageio/SetOutput.java
b6c39c
  - JDK-8251840: Java_sun_awt_X11_XToolkit_getDefaultScreenData should not be in make/mapfiles/libawt_xawt/mapfile-vers
b6c39c
  - JDK-8252384: [TESTBUG] Some tests refer to COMPAT provider rather than JRE
b6c39c
  - JDK-8252395: [8u] --with-native-debug-symbols=external doesn't include debuginfo files for binaries
b6c39c
  - JDK-8252497: Incorrect numeric currency code for ROL
b6c39c
  - JDK-8252754: Hash code calculation of JfrStackTrace is inconsistent
b6c39c
  - JDK-8252904: VM crashes when JFR is used and JFR event class is transformed
b6c39c
  - JDK-8252975: [8u] JDK-8252395 breaks the build for --with-native-debug-symbols=internal
b6c39c
  - JDK-8253036: Support building the Zero assembler port on AArch64
b6c39c
  - JDK-8253284: Zero OrderAccess barrier mappings are incorrect
b6c39c
  - JDK-8253550: [8u] JDK-8252395 breaks the build for make STRIP_POLICY=no_strip
b6c39c
  - JDK-8253752: test/sun/management/jmxremote/bootstrap/RmiBootstrapTest.java fails randomly
b6c39c
  - JDK-8253837: JFR 8u fix symbol and cstring hashtable equals implementaion
b6c39c
  - JDK-8254081: java/security/cert/PolicyNode/GetPolicyQualifiers.java fails due to an expired certificate
b6c39c
  - JDK-8254144: Non-x86 Zero builds fail with return-type warning in os_linux_zero.cpp
b6c39c
  - JDK-8254166: Zero: return-type warning in zeroInterpreter_zero.cpp
b6c39c
  - JDK-8254683: [TEST_BUG] jdk/test/sun/tools/jconsole/WorkerDeadlockTest.java fails
b6c39c
  - JDK-8254982: (tz) Upgrade time-zone data to tzdata2020c
b6c39c
  - JDK-8255003: Build failures on Solaris
b6c39c
  - JDK-8255226: (tz) Upgrade time-zone data to tzdata2020d
b6c39c
  - JDK-8255269: Unsigned overflow in g1Policy.cpp
b6c39c
  - JDK-8255603: Memory/Performance regression after JDK-8210985
b6c39c
  - JDK-8255717: Fix JFR crash in WriteObjectSampleStacktrace due to object not initialized
b6c39c
  - JDK-8256618: Zero: Linux x86_32 build still fails
b6c39c
  - JDK-8256671: Incorrect assignment operator used in guarantee() in genCollectedHeap
b6c39c
  - JDK-8256752: 8252395 incorrect copy rule for macos .dSYM folder
b6c39c
  - JDK-8257397: [TESTBUG] test/lib/containers/docker/Common.java refers to -Xlog:os+container=trace
b6c39c
  - JDK-8258630: Add expiry exception for QuoVadis root certificate
b6c39c
* AArch64 port
b6c39c
  - Fix AArch64 build failure after JDK-8062808 backport
b6c39c
* Shenandoah
b6c39c
  - Fix racy update of code roots
b6c39c
b6c39c
Notes on individual issues:
b6c39c
===========================
b6c39c
b6c39c
security-libs/javax.xml.crypto:
b6c39c
b6c39c
JDK-8230839: Updated XML Signature Implementation to Apache Santuario 2.1.3
b6c39c
===========================================================================
b6c39c
The XML Signature implementation in the `java.xml.crypto` module has
b6c39c
been updated to version 2.1.3 of Apache Santuario. New features
b6c39c
include:
b6c39c
b6c39c
* Added support for embedding elliptic curve public keys in the
b6c39c
  KeyValue element
b6c39c
2ee945
New in release OpenJDK 8u275 (2020-11-05):
2ee945
===========================================
2ee945
Live versions of these release notes can be found at:
2ee945
  * https://bitly.com/openjdk8u275
2ee945
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u275.txt
2ee945
2ee945
* Regression fixes
2ee945
  - JDK-8214440: ldap over a TLS connection negotiate failed with "javax.net.ssl.SSLPeerUnverifiedException: hostname of the server '' does not match the hostname in the server's certificate"
2ee945
  - JDK-8223940: Private key not supported by chosen signature algorithm
2ee945
  - JDK-8236512: PKCS11 Connection closed after Cipher.doFinal and NoPadding
2ee945
  - JDK-8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)
2ee945
aef6f0
New in release OpenJDK 8u272 (2020-10-20):
aef6f0
===========================================
aef6f0
Live versions of these release notes can be found at:
aef6f0
  * https://bitly.com/openjdk8u272
aef6f0
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u272.txt
aef6f0
aef6f0
* New features
aef6f0
  - JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7
aef6f0
* Security fixes
aef6f0
  - JDK-8233624: Enhance JNI linkage
aef6f0
  - JDK-8236196: Improve string pooling
aef6f0
  - JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
aef6f0
  - JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts
aef6f0
  - JDK-8237995, CVE-2020-14782: Enhance certificate processing
aef6f0
  - JDK-8240124: Better VM Interning
aef6f0
  - JDK-8241114, CVE-2020-14792: Better range handling
aef6f0
  - JDK-8242680, CVE-2020-14796: Improved URI Support
aef6f0
  - JDK-8242685, CVE-2020-14797: Better Path Validation
aef6f0
  - JDK-8242695, CVE-2020-14798: Enhanced buffer support
aef6f0
  - JDK-8243302: Advanced class supports
aef6f0
  - JDK-8244136, CVE-2020-14803: Improved Buffer supports
aef6f0
  - JDK-8244479: Further constrain certificates
aef6f0
  - JDK-8244955: Additional Fix for JDK-8240124
aef6f0
  - JDK-8245407: Enhance zoning of times
aef6f0
  - JDK-8245412: Better class definitions
aef6f0
  - JDK-8245417: Improve certificate chain handling
aef6f0
  - JDK-8248574: Improve jpeg processing
aef6f0
  - JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit
aef6f0
  - JDK-8253019: Enhanced JPEG decoding
aef6f0
* Other changes
aef6f0
  - JDK-6574989: TEST_BUG: javax/sound/sampled/Clip/bug5070081.java fails sometimes
aef6f0
  - JDK-8006205: [TESTBUG] NEED_TEST: please JTREGIFY test/compiler/7177917/Test7177917.java
aef6f0
  - JDK-8023697: failed class resolution reports different class name in detail message for the first and subsequent times
aef6f0
  - JDK-8025886: replace [[ and == bash extensions in regtest
aef6f0
  - JDK-8026236: Add PrimeTest for BigInteger
aef6f0
  - JDK-8031625: javadoc problems referencing inner class constructors
aef6f0
  - JDK-8035493: JVMTI PopFrame capability must instruct compilers not to prune locals
aef6f0
  - JDK-8036088: Replace strtok() with its safe equivalent strtok_s() in DefaultProxySelector.c
aef6f0
  - JDK-8039082: [TEST_BUG] Test java/awt/dnd/BadSerializationTest/BadSerializationTest.java fails
aef6f0
  - JDK-8046274: Removing dependency on jakarta-regexp
aef6f0
  - JDK-8048933: -XX:+TraceExceptions output should include the message
aef6f0
  - JDK-8057003: Large reference arrays cause extremely long synchronization times
aef6f0
  - JDK-8060721: Test runtime/SharedArchiveFile/LimitSharedSizes.java fails in jdk 9 fcs new platforms/compiler
aef6f0
  - JDK-8061616: HotspotDiagnosticMXBean.getVMOption() throws IllegalArgumentException for flags of type double
aef6f0
  - JDK-8062947: Fix exception message to correctly represent LDAP connection failure
aef6f0
  - JDK-8064319: Need to enable -XX:+TraceExceptions in release builds
aef6f0
  - JDK-8075774: Small readability and performance improvements for zipfs
aef6f0
  - JDK-8076151: [TESTBUG] Test java/awt/FontClass/CreateFont/fileaccess/FontFile.java fails
aef6f0
  - JDK-8078334: Mark regression tests using randomness
aef6f0
  - JDK-8078880: Mark a few more intermittently failuring security-libs
aef6f0
  - JDK-8080462: Update SunPKCS11 provider with PKCS11 v2.40 support
aef6f0
  - JDK-8132206: move ScanTest.java into OpenJDK
aef6f0
  - JDK-8132376: Add @requires os.family to the client tests with access to internal OS-specific API
aef6f0
  - JDK-8132745: minor cleanup of java/util/Scanner/ScanTest.java
aef6f0
  - JDK-8137087: [TEST_BUG] Cygwin failure of java/awt/appletviewer/IOExceptionIfEncodedURLTest/IOExceptionIfEncodedURLTest.sh
aef6f0
  - JDK-8144539: Update PKCS11 tests to run with security manager
aef6f0
  - JDK-8145808: java/awt/Graphics2D/MTGraphicsAccessTest/MTGraphicsAccessTest.java hangs on Win. 8
aef6f0
  - JDK-8148754: C2 loop unrolling fails due to unexpected graph shape
aef6f0
  - JDK-8148854: Class names "SomeClass" and "LSomeClass;" treated by JVM as an equivalent
aef6f0
  - JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect
aef6f0
  - JDK-8151788: NullPointerException from ntlm.Client.type3
aef6f0
  - JDK-8151834: Test SmallPrimeExponentP.java times out intermittently
aef6f0
  - JDK-8152077: (cal) Calendar.roll does not always roll the hours during daylight savings
aef6f0
  - JDK-8153430: jdk regression test MletParserLocaleTest, ParserInfiniteLoopTest reduce default timeout
aef6f0
  - JDK-8153583: Make OutputAnalyzer.reportDiagnosticSummary public
aef6f0
  - JDK-8154313: Generated javadoc scattered all over the place
aef6f0
  - JDK-8156169: Some sound tests rarely hangs because of incorrect synchronization
aef6f0
  - JDK-8160768: Add capability to custom resolve host/domain names within the default JNDI LDAP provider
aef6f0
  - JDK-8161973: PKIXRevocationChecker.getSoftFailExceptions() not working
aef6f0
  - JDK-8163251: Hard coded loop limit prevents reading of smart card data greater than 8k
aef6f0
  - JDK-8165936: Potential Heap buffer overflow when seaching timezone info files
aef6f0
  - JDK-8165996: PKCS11 using NSS throws an error regarding secmod.db when NSS uses sqlite
aef6f0
  - JDK-8166148: Fix for JDK-8165936 broke solaris builds
aef6f0
  - JDK-8167300: Scheduling failures during gcm should be fatal
aef6f0
  - JDK-8167615: Opensource unit/regression tests for JavaSound
aef6f0
  - JDK-8168517: java/lang/ProcessBuilder/Basic.java failed
aef6f0
  - JDK-8169925: PKCS #11 Cryptographic Token Interface license
aef6f0
  - JDK-8172012: [TEST_BUG] delays needed in javax/swing/JTree/4633594/bug4633594.java
aef6f0
  - JDK-8173300: [TESTBUG]compiler/tiered/NonTieredLevelsTest.java fails with compiler.whitebox.SimpleTestCaseHelper(int) must be compiled
aef6f0
  - JDK-8177334: Update xmldsig implementation to Apache Santuario 2.1.1
aef6f0
  - JDK-8177628: Opensource unit/regression tests for ImageIO
aef6f0
  - JDK-8183341: Better cleanup for javax/imageio/AllowSearch.java
aef6f0
  - JDK-8183349: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java and WriteAfterAbort.java
aef6f0
  - JDK-8183351: Better cleanup for jdk/test/javax/imageio/spi/AppletContextTest/BadPluginConfigurationTest.sh
aef6f0
  - JDK-8184762: ZapStackSegments should use optimized memset
aef6f0
  - JDK-8191678: [TESTBUG] Add keyword headful in java/awt FocusTransitionTest test.
aef6f0
  - JDK-8192953: sun/management/jmxremote/bootstrap/*.sh tests fail with error : revokeall.exe: Permission denied
aef6f0
  - JDK-8193137: Nashorn crashes when given an empty script file
aef6f0
  - JDK-8193234: When using -Xcheck:jni an internally allocated buffer can leak
aef6f0
  - JDK-8194298: Add support for per Socket configuration of TCP keepalive
aef6f0
  - JDK-8198004: javax/swing/JFileChooser/6868611/bug6868611.java throws error
aef6f0
  - JDK-8200313: java/awt/Gtk/GtkVersionTest/GtkVersionTest.java fails
aef6f0
  - JDK-8201633: Problems with AES-GCM native acceleration
aef6f0
  - JDK-8203357: Container Metrics
aef6f0
  - JDK-8209113: Use WeakReference for lastFontStrike for created Fonts
aef6f0
  - JDK-8210147: adjust some WSAGetLastError usages in windows network coding
aef6f0
  - JDK-8211049: Second parameter of "initialize" method is not used
aef6f0
  - JDK-8211163: UNIX version of Java_java_io_Console_echo does not return a clean boolean
aef6f0
  - JDK-8211714: Need to update vm_version.cpp to recognise VS2017 minor versions
aef6f0
  - JDK-8214862: assert(proj != __null) at compile.cpp:3251
aef6f0
  - JDK-8216283: Allow shorter method sampling interval than 10 ms
aef6f0
  - JDK-8217606: LdapContext#reconnect always opens a new connection
aef6f0
  - JDK-8217647: JFR: recordings on 32-bit systems unreadable
aef6f0
  - JDK-8217878: ENVELOPING XML signature no longer works in JDK 11
aef6f0
  - JDK-8218629: XML Digital Signature throws NAMESPACE_ERR exception on OpenJDK 11, works 8/9/10
aef6f0
  - JDK-8219566: JFR did not collect call stacks when MaxJavaStackTraceDepth is set to zero
aef6f0
  - JDK-8219919: RuntimeStub name lost with PrintFrameConverterAssembly
aef6f0
  - JDK-8220165: Encryption using GCM results in RuntimeException- input length out of bound
aef6f0
  - JDK-8220313: [TESTBUG] Update base image for Docker testing to OL 7.6
aef6f0
  - JDK-8220555: JFR tool shows potentially misleading message when it cannot access a file
aef6f0
  - JDK-8220674: [TESTBUG] MetricsMemoryTester failcount test in docker container only works with debug JVMs
aef6f0
  - JDK-8221569: JFR tool produces incorrect output when both --categories and --events are specified
aef6f0
  - JDK-8222079: Don't use memset to initialize fields decode_env constructor in disassembler.cpp
aef6f0
  - JDK-8224217: RecordingInfo should use textual representation of path
aef6f0
  - JDK-8225695: 32-bit build failures after JDK-8080462 (Update SunPKCS11 provider with PKCS11 v2.40 support)
aef6f0
  - JDK-8226575: OperatingSystemMXBean should be made container aware
aef6f0
  - JDK-8226697: Several tests which need the @key headful keyword are missing it.
aef6f0
  - JDK-8226809: Circular reference in printed stack trace is not correctly indented & ambiguous
aef6f0
  - JDK-8228835: Memory leak in PKCS11 provider when using AES GCM
aef6f0
  - JDK-8229378: jdwp library loader in linker_md.c quietly truncates on buffer overflow
aef6f0
  - JDK-8230303: JDB hangs when running monitor command
aef6f0
  - JDK-8230711: ConnectionGraph::unique_java_object(Node* N) return NULL if n is not in the CG
aef6f0
  - JDK-8231213: Migrate SimpleDateFormatConstTest to JDK Repo
aef6f0
  - JDK-8231779: crash HeapWord*ParallelScavengeHeap::failed_mem_allocate
aef6f0
  - JDK-8233097: Fontmetrics for large Fonts has zero width
aef6f0
  - JDK-8233621: Mismatch in jsse.enableMFLNExtension property name
aef6f0
  - JDK-8234617: C1: Incorrect result of field load due to missing narrowing conversion
aef6f0
  - JDK-8235243: handle VS2017 15.9 and VS2019 in abstract_vm_version
aef6f0
  - JDK-8235325: build failure on Linux after 8235243
aef6f0
  - JDK-8235687: Contents/MacOS/libjli.dylib cannot be a symlink
aef6f0
  - JDK-8236645: JDK 8u231 introduces a regression with incompatible handling of XML messages
aef6f0
  - JDK-8237951: CTW: C2 compilation fails with "malformed control flow"
aef6f0
  - JDK-8238225: Issues reported after replacing symlink at Contents/MacOS/libjli.dylib with binary
aef6f0
  - JDK-8238380: java.base/unix/native/libjava/childproc.c "multiple definition" link errors with GCC10
aef6f0
  - JDK-8238386: (sctp) jdk.sctp/unix/native/libsctp/SctpNet.c "multiple definition" link errors with GCC10
aef6f0
  - JDK-8238388: libj2gss/NativeFunc.o "multiple definition" link errors with GCC10
aef6f0
  - JDK-8238898: Missing hash characters for header on license file
aef6f0
  - JDK-8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD
aef6f0
  - JDK-8239819: XToolkit: Misread of screen information memory
aef6f0
  - JDK-8240295: hs_err elapsed time in seconds is not accurate enough
aef6f0
  - JDK-8240676: Meet not symmetric failure when running lucene on jdk8
aef6f0
  - JDK-8241888: Mirror jdk.security.allowNonCaAnchor system property with a security one
aef6f0
  - JDK-8242498: Invalid "sun.awt.TimedWindowEvent" object leads to JVM crash
aef6f0
  - JDK-8242556: Cannot load RSASSA-PSS public key with non-null params from byte array
aef6f0
  - JDK-8243138: Enhance BaseLdapServer to support starttls extended request
aef6f0
  - JDK-8243320: Add SSL root certificates to Oracle Root CA program
aef6f0
  - JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program
aef6f0
  - JDK-8243489: Thread CPU Load event may contain wrong data for CPU time under certain conditions
aef6f0
  - JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26
aef6f0
  - JDK-8244818: Java2D Queue Flusher crash while moving application window to external monitor
aef6f0
  - JDK-8245467: Remove 8u TLSv1.2 implementation files
aef6f0
  - JDK-8245469: Remove DTLS protocol implementation
aef6f0
  - JDK-8245470: Fix JDK8 compatibility issues
aef6f0
  - JDK-8245471: Revert JDK-8148188
aef6f0
  - JDK-8245472: Backport JDK-8038893 to JDK8
aef6f0
  - JDK-8245473: OCSP stapling support
aef6f0
  - JDK-8245474: Add TLS_KRB5 cipher suites support according to RFC-2712
aef6f0
  - JDK-8245476: Disable TLSv1.3 protocol in the ClientHello message by default
aef6f0
  - JDK-8245477: Adjust TLS tests location
aef6f0
  - JDK-8245653: Remove 8u TLS tests
aef6f0
  - JDK-8245681: Add TLSv1.3 regression test from 11.0.7
aef6f0
  - JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ
aef6f0
  - JDK-8246310: Clean commented-out code about ModuleEntry andPackageEntry in JFR
aef6f0
  - JDK-8246384: Enable JFR by default on supported architectures for October 2020 release
aef6f0
  - JDK-8248643: Remove extra leading space in JDK-8240295 8u backport
aef6f0
  - JDK-8248851: CMS: Missing memory fences between free chunk check and klass read
aef6f0
  - JDK-8249158: THREAD_START and THREAD_END event posted in primordial phase
aef6f0
  - JDK-8249610: Make sun.security.krb5.Config.getBooleanObject(String... keys) method public
aef6f0
  - JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool behavior
aef6f0
  - JDK-8250546: Expect changed behaviour reported in JDK-8249846
aef6f0
  - JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics
aef6f0
  - JDK-8250755: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java
aef6f0
  - JDK-8250875: Incorrect parameter type for update_number in JDK_Version::jdk_update
aef6f0
  - JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher
aef6f0
  - JDK-8251120: [8u] HotSpot build assumes ENABLE_JFR is set to either true or false
aef6f0
  - JDK-8251341: Minimal Java specification change
aef6f0
  - JDK-8251478: Backport TLSv1.3 regression tests to JDK8u
aef6f0
  - JDK-8251546: 8u backport of JDK-8194298 breaks AIX and Solaris builds
aef6f0
  - JDK-8252084: Minimal VM fails to bootcycle: undefined symbol: AgeTableTracer::is_tenuring_distribution_event_enabled
aef6f0
  - JDK-8252573: 8u: Windows build failed after 8222079 backport
aef6f0
  - JDK-8252886: [TESTBUG] sun/security/ec/TestEC.java : Compilation failed
aef6f0
  - JDK-8254673: Call to JvmtiExport::post_vm_start() was removed by the fix for JDK-8249158
aef6f0
  - JDK-8254937: Revert JDK-8148854 for 8u272
aef6f0
aef6f0
Notes on individual issues:
aef6f0
===========================
aef6f0
aef6f0
core-svc/java.lang.management:
aef6f0
aef6f0
JDK-8236876: OperatingSystemMXBean Methods Inside a Container Return Container Specific Data
aef6f0
============================================================================================
aef6f0
When executing in a container, or other virtualized operating
aef6f0
environment, the following `OperatingSystemMXBean` methods in this
aef6f0
release return container specific information, if
aef6f0
available. Otherwise, they return host specific data:
aef6f0
aef6f0
* getFreePhysicalMemorySize()
aef6f0
* getTotalPhysicalMemorySize()
aef6f0
* getFreeSwapSpaceSize()
aef6f0
* getTotalSwapSpaceSize()
aef6f0
* getSystemCpuLoad()
aef6f0
aef6f0
security-libs/java.security:
aef6f0
aef6f0
JDK-8250756: Added Entrust Root Certification Authority - G4 certificate
aef6f0
========================================================================
aef6f0
The Entrust root certificate has been added to the cacerts truststore:
aef6f0
aef6f0
Alias Name: entrustrootcag4
aef6f0
Distinguished Name: CN=Entrust Root Certification Authority - G4, OU="(c) 2015 Entrust,  Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
aef6f0
aef6f0
JDK-8250860: Added 3 SSL Corporation Root CA Certificates
aef6f0
=========================================================
aef6f0
The following root certificates have been added to the cacerts truststore for the SSL Corporation:
aef6f0
aef6f0
Alias Name: sslrootrsaca
aef6f0
Distinguished Name: CN=SSL.com Root Certification Authority RSA, O=SSL Corporation, L=Houston, ST=Texas, C=US
aef6f0
aef6f0
Alias Name: sslrootevrsaca
aef6f0
Distinguished Name: CN=SSL.com EV Root Certification Authority RSA R2, O=SSL Corporation, L=Houston, ST=Texas, C=US
aef6f0
aef6f0
Alias Name: sslrooteccca
aef6f0
Distinguished Name: CN=SSL.com Root Certification Authority ECC, O=SSL Corporation, L=Houston, ST=Texas, C=US
aef6f0
aef6f0
security-libs/javax.crypto:pkcs11:
aef6f0
aef6f0
JDK-8221441: SunPKCS11 Provider Upgraded with Support for PKCS#11 v2.40
aef6f0
=======================================================================
aef6f0
The SunPKCS11 provider has been updated with support for PKCS#11
aef6f0
v2.40. This version adds support for more algorithms such as the
aef6f0
AES/GCM/NoPadding cipher, DSA signatures using SHA-2 family of message
aef6f0
digests, and RSASSA-PSS signatures when the corresponding PKCS11
aef6f0
mechanisms are supported by the underlying PKCS11 library.
aef6f0
aef6f0
security-libs/javax.security:
aef6f0
aef6f0
JDK-8242059: Support for canonicalize in krb5.conf
aef6f0
==================================================
aef6f0
The 'canonicalize' flag in the [krb5.conf file][0] is now supported by
aef6f0
the JDK Kerberos implementation. When set to *true*, RFC 6806 [1] name
aef6f0
canonicalization is requested by clients in TGT requests to KDC
aef6f0
services (AS protocol). Otherwise, and by default, it is not
aef6f0
requested.
aef6f0
aef6f0
The new default behavior is different from previous releases where
aef6f0
name canonicalization was always requested by clients in TGT requests
aef6f0
to KDC services (provided that support for RFC 6806[1] was not
aef6f0
explicitly disabled with the *sun.security.krb5.disableReferrals*
aef6f0
system or security properties).
aef6f0
aef6f0
[0]: https://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html
aef6f0
[1]: https://tools.ietf.org/html/rfc6806
aef6f0
aef6f0
security-libs/javax.xml.crypto:
aef6f0
aef6f0
JDK-8202891: Updated xmldsig Implementation to Apache Santuario 2.1.1
aef6f0
=====================================================================
aef6f0
The XMLDSig provider implementation in the `java.xml.crypto` module has been updated to version 2.1.1 of Apache Santuario.
aef6f0
aef6f0
New features include:
aef6f0
aef6f0
1. Support for the SHA-224 and SHA-3 DigestMethod algorithms specified
aef6f0
in RFC 6931.
aef6f0
2. Support for the HMAC-SHA224, RSA-SHA224, ECDSA-SHA224, and
aef6f0
RSASSA-PSS family of SignatureMethod algorithms specified in RFC 6931.
aef6f0
aef6f0
JDK-8238185: New OpenJDK-specific JDK 8 Updates System Property to fallback to legacy Base64 Encoding format
aef6f0
============================================================================================================
aef6f0
The upgrade to the Apache Santuario libraries (see above) introduced
aef6f0
an issue where XML signature using Base64 encoding resulted in
aef6f0
appending `&#xd` or `&#13` to the encoded output. This behavioural
aef6f0
change was made in the Apache Santuario codebase to comply with RFC
aef6f0
2045. The Santuario team has adopted a position of keeping their
aef6f0
libraries compliant with RFC 2045.
aef6f0
aef6f0
Earlier versions of OpenJDK 8 using the legacy encoder returns encoded
aef6f0
data in a format without `&#xd` or `&#13`.
aef6f0
aef6f0
Therefore a new system property, specific to the 8 update stream,
aef6f0
`com.sun.org.apache.xml.internal.security.lineFeedOnly` is made
aef6f0
available to fall back to the legacy Base64 encoded format.
aef6f0
aef6f0
Users can set this flag in one of two ways:
aef6f0
aef6f0
1. -Dcom.sun.org.apache.xml.internal.security.lineFeedOnly=true
aef6f0
aef6f0
2. System.setProperty("com.sun.org.apache.xml.internal.security.lineFeedOnly", "true")
aef6f0
aef6f0
This new system property is disabled by default. It has no effect on
aef6f0
default behaviour nor when
aef6f0
`com.sun.org.apache.xml.internal.security.ignoreLineBreaks` property
aef6f0
is set.
aef6f0
aef6f0
Later JDK family versions will only support the recommended property:
aef6f0
aef6f0
`com.sun.org.apache.xml.internal.security.ignoreLineBreaks`
aef6f0
aef6f0
JDK-8254177: US/Pacific-New Zone name removed as part of tzdata2020b
aef6f0
====================================================================
aef6f0
Following JDK's update to tzdata2020b, the long-obsolete files
aef6f0
pacificnew and systemv have been removed. As a result, the
aef6f0
"US/Pacific-New" zone name declared in the pacificnew data file is no
aef6f0
longer available for use.
aef6f0
aef6f0
Information regarding the update can be viewed at
aef6f0
https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html
aef6f0
0ccdb4
New in release OpenJDK 8u265 (2020-07-27):
0ccdb4
===========================================
0ccdb4
Live versions of these release notes can be found at:
0ccdb4
  * https://bitly.com/openjdk8u265
0ccdb4
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u265.txt
0ccdb4
0ccdb4
* Bug fixes
0ccdb4
  - JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool behavior
0ccdb4
  - JDK-8250546: Expect changed behaviour reported in JDK-8249846
0ccdb4
9aeff1
New in release OpenJDK 8u262 (2020-07-14):
9aeff1
===========================================
9aeff1
Live versions of these release notes can be found at:
9aeff1
  * https://bitly.com/oj8u262
9aeff1
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u262.txt
9aeff1
9aeff1
* New features
9aeff1
  - JDK-8223147: JFR Backport
9aeff1
* Security fixes
9aeff1
  - JDK-8028431, CVE-2020-14579: NullPointerException in DerValue.equals(DerValue)
9aeff1
  - JDK-8028591, CVE-2020-14578: NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString()
9aeff1
  - JDK-8230613: Better ASCII conversions
9aeff1
  - JDK-8231800: Better listing of arrays
9aeff1
  - JDK-8232014: Expand DTD support
9aeff1
  - JDK-8233255: Better Swing Buttons
9aeff1
  - JDK-8234032: Improve basic calendar services
9aeff1
  - JDK-8234042: Better factory production of certificates
9aeff1
  - JDK-8234418: Better parsing with CertificateFactory
9aeff1
  - JDK-8234836: Improve serialization handling
9aeff1
  - JDK-8236191: Enhance OID processing
9aeff1
  - JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior
9aeff1
  - JDK-8237592, CVE-2020-14577: Enhance certificate verification
9aeff1
  - JDK-8238002, CVE-2020-14581: Better matrix operations
9aeff1
  - JDK-8238804: Enhance key handling process
9aeff1
  - JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable
9aeff1
  - JDK-8238843: Enhanced font handing
9aeff1
  - JDK-8238920, CVE-2020-14583: Better Buffer support
9aeff1
  - JDK-8238925: Enhance WAV file playback
9aeff1
  - JDK-8240119, CVE-2020-14593: Less Affine Transformations
9aeff1
  - JDK-8240482: Improved WAV file playback
9aeff1
  - JDK-8241379: Update JCEKS support
9aeff1
  - JDK-8241522: Manifest improved jar headers redux
9aeff1
  - JDK-8242136, CVE-2020-14621: Better XML namespace handling
9aeff1
* Other changes
9aeff1
  - JDK-4949105: Access Bridge lacks html tags parsing
9aeff1
  - JDK-7147060: com/sun/org/apache/xml/internal/security/transforms/ClassLoaderTest.java doesn't run in agentvm mode
9aeff1
  - JDK-8003209: JFR events for network utilization
9aeff1
  - JDK-8030680: 292 cleanup from default method code assessment
9aeff1
  - JDK-8035633: TEST_BUG: java/net/NetworkInterface/Equals.java and some tests failed on windows intermittently
9aeff1
  - JDK-8037866: Replace the Fun class in tests with lambdas
9aeff1
  - JDK-8041626: Shutdown tracing event
9aeff1
  - JDK-8041915: Move 8 awt tests to OpenJDK regression tests tree
9aeff1
  - JDK-8067796: (process) Process.waitFor(timeout, unit) doesn't throw NPE if timeout is less than, or equal to zero when unit == null
9aeff1
  - JDK-8076475: Misuses of strncpy/strncat
9aeff1
  - JDK-8130737: AffineTransformOp can't handle child raster with non-zero x-offset
9aeff1
  - JDK-8141056: Erroneous assignment in HeapRegionSet.cpp
9aeff1
  - JDK-8146612: C2: Precedence edges specification violated
9aeff1
  - JDK-8148886: SEGV in sun.java2d.marlin.Renderer._endRendering
9aeff1
  - JDK-8149338: JVM Crash caused by Marlin renderer not handling NaN coordinates
9aeff1
  - JDK-8150986: serviceability/sa/jmap-hprof/JMapHProfLargeHeapTest.java failing because expects HPROF JAVA PROFILE 1.0.1 file format
9aeff1
  - JDK-8151582: (ch) test java/nio/channels/AsyncCloseAndInterrupt.java failing due to "Connection succeeded"
9aeff1
  - JDK-8165675: Trace event for thread park has incorrect unit for timeout
9aeff1
  - JDK-8171934: ObjectSizeCalculator.getEffectiveMemoryLayoutSpecification() does not recognize OpenJDK's HotSpot VM
9aeff1
  - JDK-8172559: [PIT][TEST_BUG] Move @test to be 1st annotation in java/awt/image/Raster/TestChildRasterOp.java
9aeff1
  - JDK-8176182: 4 security tests are not run
9aeff1
  - JDK-8178374: Problematic ByteBuffer handling in CipherSpi.bufferCrypt method
9aeff1
  - JDK-8178910: Problemlist sample tests
9aeff1
  - JDK-8181841: A TSA server returns timestamp with precision higher than milliseconds
9aeff1
  - JDK-8183925: Decouple crash protection from watcher thread
9aeff1
  - JDK-8191393: Random crashes during cfree+0x1c
9aeff1
  - JDK-8195817: JFR.stop should require name of recording
9aeff1
  - JDK-8195818: JFR.start should increase autogenerated name by one
9aeff1
  - JDK-8195819: Remove recording=x from jcmd JFR.check output
9aeff1
  - JDK-8196969: JTreg Failure: serviceability/sa/ClhsdbJstack.java causes NPE
9aeff1
  - JDK-8199712: Flight Recorder
9aeff1
  - JDK-8202578: Revisit location for class unload events
9aeff1
  - JDK-8202835: jfr/event/os/TestSystemProcess.java fails on missing events
9aeff1
  - JDK-8203287: Zero fails to build after JDK-8199712 (Flight Recorder)
9aeff1
  - JDK-8203346: JFR: Inconsistent signature of jfr_add_string_constant
9aeff1
  - JDK-8203664: JFR start failure after AppCDS archive created with JFR StartFlightRecording
9aeff1
  - JDK-8203921: JFR thread sampling is missing fixes from JDK-8194552
9aeff1
  - JDK-8203929: Limit amount of data for JFR.dump
9aeff1
  - JDK-8205516: JFR tool
9aeff1
  - JDK-8207392: [PPC64] Implement JFR profiling
9aeff1
  - JDK-8207829: FlightRecorderMXBeanImpl is leaking the first classloader which calls it
9aeff1
  - JDK-8209960: -Xlog:jfr* doesn't work with the JFR
9aeff1
  - JDK-8210024: JFR calls virtual is_Java_thread from ~Thread()
9aeff1
  - JDK-8210776: Upgrade X Window System 6.8.2 to the latest XWD 1.0.7
9aeff1
  - JDK-8211239: Build fails without JFR: empty JFR events signatures mismatch
9aeff1
  - JDK-8212232: Wrong metadata for the configuration of the cutoff for old object sample events
9aeff1
  - JDK-8213015: Inconsistent settings between JFR.configure and -XX:FlightRecorderOptions
9aeff1
  - JDK-8213421: Line number information for execution samples always 0
9aeff1
  - JDK-8213617: JFR should record the PID of the recorded process
9aeff1
  - JDK-8213734: SAXParser.parse(File, ..) does not close resources when Exception occurs.
9aeff1
  - JDK-8213914: [TESTBUG] Several JFR VM events are not covered by tests
9aeff1
  - JDK-8213917: [TESTBUG] Shutdown JFR event is not covered by test
9aeff1
  - JDK-8213966: The ZGC JFR events should be marked as experimental
9aeff1
  - JDK-8214542: JFR: Old Object Sample event slow on a deep heap in debug builds
9aeff1
  - JDK-8214750: Unnecessary 

tags in jfr classes

9aeff1
  - JDK-8214896: JFR Tool left files behind
9aeff1
  - JDK-8214906: [TESTBUG] jfr/event/sampling/TestNative.java fails with UnsatisfiedLinkError
9aeff1
  - JDK-8214925: JFR tool fails to execute
9aeff1
  - JDK-8215175: Inconsistencies in JFR event metadata
9aeff1
  - JDK-8215237: jdk.jfr.Recording javadoc does not compile
9aeff1
  - JDK-8215284: Reduce noise induced by periodic task getFileSize()
9aeff1
  - JDK-8215355: Object monitor deadlock with no threads holding the monitor (using jemalloc 5.1)
9aeff1
  - JDK-8215362: JFR GTest JfrTestNetworkUtilization fails
9aeff1
  - JDK-8215771: The jfr tool should pretty print reference chains
9aeff1
  - JDK-8216064: -XX:StartFlightRecording:settings= doesn't work properly
9aeff1
  - JDK-8216486: Possibility of integer overflow in JfrThreadSampler::run()
9aeff1
  - JDK-8216528: test/jdk/java/rmi/transport/runtimeThreadInheritanceLeak/RuntimeThreadInheritanceLeak.java failing with Xcomp
9aeff1
  - JDK-8216559: [JFR] Native libraries not correctly parsed from /proc/self/maps
9aeff1
  - JDK-8216578: Remove unused/obsolete method in JFR code
9aeff1
  - JDK-8216995: Clean up JFR command line processing
9aeff1
  - JDK-8217744: [TESTBUG] JFR TestShutdownEvent fails on some systems due to process surviving SIGINT
9aeff1
  - JDK-8217748: [TESTBUG] Exclude TestSig test case from JFR TestShutdownEvent
9aeff1
  - JDK-8218935: Make jfr strncpy uses GCC 8.x friendly
9aeff1
  - JDK-8220293: Deadlock in JFR string pool
9aeff1
  - JDK-8223689: Add JFR Thread Sampling Support
9aeff1
  - JDK-8223690: Add JFR BiasedLock Event Support
9aeff1
  - JDK-8223691: Add JFR G1 Region Type Change Event Support
9aeff1
  - JDK-8223692: Add JFR G1 Heap Summary Event Support
9aeff1
  - JDK-8224172: assert(jfr_is_event_enabled(id)) failed: invariant
9aeff1
  - JDK-8224475: JTextPane does not show images in HTML rendering
9aeff1
  - JDK-8225068: Remove DocuSign root certificate that is expiring in May 2020
9aeff1
  - JDK-8225069: Remove Comodo root certificate that is expiring in May 2020
9aeff1
  - JDK-8226253: JAWS reports wrong number of radio buttons when buttons are hidden.
9aeff1
  - JDK-8226779: [TESTBUG] Test JFR API from Java agent
9aeff1
  - JDK-8226892: ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys
9aeff1
  - JDK-8227011: Starting a JFR recording in response to JVMTI VMInit and / or Java agent premain corrupts memory
9aeff1
  - JDK-8227269: Slow class loading when running with JDWP
9aeff1
  - JDK-8227605: Kitchensink fails "assert((((klass)->trace_id() & (JfrTraceIdEpoch::leakp_in_use_this_epoch_bit())) != 0)) failed: invariant"
9aeff1
  - JDK-8229366: JFR backport allows unchecked writing to memory
9aeff1
  - JDK-8229401: Fix JFR code cache test failures
9aeff1
  - JDK-8229708: JFR backport code does not initialize
9aeff1
  - JDK-8229873: 8229401 broke jdk8u-jfr-incubator
9aeff1
  - JDK-8229888: (zipfs) Updating an existing zip file does not preserve original permissions
9aeff1
  - JDK-8229899: Make java.io.File.isInvalid() less racy
9aeff1
  - JDK-8230448: [test] JFRSecurityTestSuite.java is failing on Windows
9aeff1
  - JDK-8230597: Update GIFlib library to the 5.2.1
9aeff1
  - JDK-8230707: JFR related tests are failing
9aeff1
  - JDK-8230769: BufImg_SetupICM add ReleasePrimitiveArrayCritical call in early return
9aeff1
  - JDK-8230782: Robot.createScreenCapture() fails if ?awt.robot.gtk? is set to false
9aeff1
  - JDK-8230856: Java_java_net_NetworkInterface_getByName0 on unix misses ReleaseStringUTFChars in early return
9aeff1
  - JDK-8230926: [macosx] Two apostrophes are entered instead of one with "U.S. International - PC" layout
9aeff1
  - JDK-8230947: TestLookForUntestedEvents.java is failing after JDK-8230707
9aeff1
  - JDK-8231995: two jtreg tests failed after 8229366 is fixed
9aeff1
  - JDK-8233197: Invert JvmtiExport::post_vm_initialized() and Jfr:on_vm_start() start-up order for correct option parsing
9aeff1
  - JDK-8233623: Add classpath exception to copyright in EventHandlerProxyCreator.java file
9aeff1
  - JDK-8233880: Support compilers with multi-digit major version numbers
9aeff1
  - JDK-8236002: CSR for JFR backport suggests not leaving out the package-info
9aeff1
  - JDK-8236008: Some backup files were accidentally left in the hotspot tree
9aeff1
  - JDK-8236074: Missed package-info
9aeff1
  - JDK-8236174: Should update javadoc since tags
9aeff1
  - JDK-8236996: Incorrect Roboto font rendering on Windows with subpixel antialiasing
9aeff1
  - JDK-8238076: Fix OpenJDK 7 Bootstrap Broken by JFR Backport
9aeff1
  - JDK-8238452: Keytool generates wrong expiration date if validity is set to 2050/01/01
9aeff1
  - JDK-8238555: Allow Initialization of SunPKCS11 with NSS when there are external FIPS modules in the NSSDB
9aeff1
  - JDK-8238589: Necessary code cleanup in JFR for JDK8u
9aeff1
  - JDK-8238590: Enable JFR by default during compilation in 8u
9aeff1
  - JDK-8239055: Wrong implementation of VMState.hasListener
9aeff1
  - JDK-8239476: JDK-8238589 broke windows build by moving OrderedPair
9aeff1
  - JDK-8239479: minimal1 and zero builds are failing
9aeff1
  - JDK-8239852: java/util/concurrent tests fail with -XX:+VerifyGraphEdges: assert(!VerifyGraphEdges) failed: verification should have failed
9aeff1
  - JDK-8239867: correct over use of INCLUDE_JFR macro
9aeff1
  - JDK-8240375: Disable JFR by default for July 2020 release
9aeff1
  - JDK-8240576: JVM crashes after transformation in C2 IdealLoopTree::merge_many_backedges
9aeff1
  - JDK-8241444: Metaspace::_class_vsm not initialized if compressed class pointers are disabled
9aeff1
  - JDK-8241638: launcher time metrics always report 1 on Linux when _JAVA_LAUNCHER_DEBUG set
9aeff1
  - JDK-8241750: x86_32 build failure after JDK-8227269
9aeff1
  - JDK-8241902: AIX Build broken after integration of JDK-8223147 (JFR Backport)
9aeff1
  - JDK-8242788: Non-PCH build is broken after JDK-8191393
9aeff1
  - JDK-8242883: Incomplete backport of JDK-8078268: backport test part
9aeff1
  - JDK-8243059: Build fails when --with-vendor-name contains a comma
9aeff1
  - JDK-8243474: [TESTBUG] removed three tests of 0 bytes
9aeff1
  - JDK-8243539: Copyright info (Year) should be updated for fix of 8241638
9aeff1
  - JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a
9aeff1
  - JDK-8244407: JVM crashes after transformation in C2 IdealLoopTree::split_fall_in
9aeff1
  - JDK-8244461: [JDK 8u] Build fails with glibc 2.32
9aeff1
  - JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion() returns wrong result
9aeff1
  - JDK-8244777: ClassLoaderStats VM Op uses constant hash value
9aeff1
  - JDK-8244843: JapanEraNameCompatTest fails
9aeff1
  - JDK-8245167: Top package in method profiling shows null in JMC
9aeff1
  - JDK-8246223: Windows build fails after JDK-8227269
9aeff1
  - JDK-8246703: [TESTBUG] Add test for JDK-8233197
9aeff1
  - JDK-8248399: Build installs jfr binary when JFR is disabled
9aeff1
  - JDK-8248715: New JavaTimeSupplementary localisation for 'in' installed in wrong package
9aeff1
9aeff1
Notes on individual issues:
9aeff1
===========================
9aeff1
9aeff1
hotspot/jfr:
9aeff1
9aeff1
JDK-8240687: JDK Flight Recorder Integrated to OpenJDK 8u
9aeff1
=========================================================
9aeff1
9aeff1
OpenJDK 8u now contains the backport of JEP 328: Flight Recorder
9aeff1
(https://openjdk.java.net/jeps/328) from later versions of OpenJDK.
9aeff1
9aeff1
JFR is a low-overhead framework to collect and provide data helpful to
9aeff1
troubleshoot the performance of the OpenJDK runtime and of Java
9aeff1
applications. It consists of a new API to define custom events under
9aeff1
the jdk.jfr namespace and a JMX interface to interact with the
9aeff1
framework. The recording can also be initiated with the application
9aeff1
startup using the -XX:+FlightRecorder flag or via jcmd. JFR replaces
9aeff1
the +XX:EnableTracing feature introduced in JEP 167, providing a more
9aeff1
efficient way to retrieve the same information. For compatibility
9aeff1
reasons, +XX:EnableTracing is still accepted, however no data will be
9aeff1
printed.
9aeff1
9aeff1
While JFR is not built by default upstream, it is included in Red Hat
9aeff1
binaries for supported architectures (x86_64, AArch64 & PowerPC 64)
9aeff1
9aeff1
hotspot/runtime:
9aeff1
9aeff1
JDK-8205622: JFR Start Failure After AppCDS Archive Created with JFR StartFlightRecording
9aeff1
=========================================================================================
9aeff1
9aeff1
JFR will be disabled with a warning message if it is enabled during
9aeff1
CDS dumping. The user will see the following warning message:
9aeff1
9aeff1
OpenJDK 64-Bit Server VM warning: JFR will be disabled during CDS dumping
9aeff1
9aeff1
if JFR is enabled during CDS dumping such as in the following command
9aeff1
line:
9aeff1
9aeff1
$ java -Xshare:dump -XX:StartFlightRecording=dumponexit=true
9aeff1
9aeff1
security-libs/java.security:
9aeff1
9aeff1
JDK-8244167: Removal of Comodo Root CA Certificate
9aeff1
==================================================
9aeff1
9aeff1
The following expired Comodo root CA certificate was removed from the
9aeff1
`cacerts` keystore: + alias name "addtrustclass1ca [jdk]"
9aeff1
9aeff1
Distinguished Name: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
9aeff1
9aeff1
JDK-8244166: Removal of DocuSign Root CA Certificate
9aeff1
====================================================
9aeff1
9aeff1
The following expired DocuSign root CA certificate was removed from
9aeff1
 the `cacerts` keystore: + alias name "keynectisrootca [jdk]"
9aeff1
9aeff1
Distinguished Name: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR
9aeff1
9aeff1
security-libs/javax.crypto:pkcs11:
9aeff1
9aeff1
JDK-8240191: Allow SunPKCS11 initialization with NSS when external FIPS modules are present in the Security Modules Database
9aeff1
============================================================================================================================
9aeff1
9aeff1
The SunPKCS11 security provider can now be initialized with NSS when
9aeff1
FIPS-enabled external modules are configured in the Security Modules
9aeff1
Database (NSSDB). Prior to this change, the SunPKCS11 provider would
9aeff1
throw a RuntimeException with the message: "FIPS flag set for
9aeff1
non-internal module" when such a library was configured for NSS in
9aeff1
non-FIPS mode.
9aeff1
9aeff1
This change allows the JDK to work properly with recent NSS releases
9aeff1
on GNU/Linux operating systems when the system-wide FIPS policy is
9aeff1
turned on.
9aeff1
9aeff1
Further information can be found in JDK-8238555.
9aeff1
7e9da4
New in release OpenJDK 8u252 (2020-04-14):
7e9da4
===========================================
7e9da4
Live versions of these release notes can be found at:
7e9da4
  * https://bitly.com/oj8u252
7e9da4
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u252.txt
7e9da4
7e9da4
* Security fixes
7e9da4
  - JDK-8223898, CVE-2020-2754: Forward references to Nashorn
7e9da4
  - JDK-8223904, CVE-2020-2755: Improve Nashorn matching
7e9da4
  - JDK-8224541, CVE-2020-2756: Better mapping of serial ENUMs
7e9da4
  - JDK-8224549, CVE-2020-2757: Less Blocking Array Queues
7e9da4
  - JDK-8225603: Enhancement for big integers
7e9da4
  - JDK-8227542: Manifest improved jar headers
7e9da4
  - JDK-8231415, CVE-2020-2773: Better signatures in XML
7e9da4
  - JDK-8233250: Better X11 rendering
7e9da4
  - JDK-8233410: Better Build Scripting
7e9da4
  - JDK-8234027: Better JCEKS key support
7e9da4
  - JDK-8234408, CVE-2020-2781: Improve TLS session handling
7e9da4
  - JDK-8234825, CVE-2020-2800: Better Headings for HTTP Servers
7e9da4
  - JDK-8234841, CVE-2020-2803: Enhance buffering of byte buffers
7e9da4
  - JDK-8235274, CVE-2020-2805: Enhance typing of methods
7e9da4
  - JDK-8236201, CVE-2020-2830: Better Scanner conversions
7e9da4
  - JDK-8238960: linux-i586 builds are inconsistent as the newly build jdk is not able to reserve enough space for object heap
7e9da4
* Other changes
7e9da4
  - JDK-8005819: Support cross-realm MSSFU
7e9da4
  - JDK-8022263: use same Clang warnings on BSD as on Linux
7e9da4
  - JDK-8038631: Create wrapper for awt.Robot with additional functionality
7e9da4
  - JDK-8047212: runtime/ParallelClassLoading/bootstrap/random/inner-complex assert(ObjectSynchronizer::verify_objmon_isinpool(inf)) failed: monitor is invalid
7e9da4
  - JDK-8055283: Expand ResourceHashtable with C_HEAP allocation, removal and some unit tests
7e9da4
  - JDK-8068184: Fix for JDK-8032832 caused a deadlock
7e9da4
  - JDK-8079693: Add support for ECDSA P-384 and P-521 curves to XML Signature
7e9da4
  - JDK-8132130: some docs cleanup
7e9da4
  - JDK-8135318: CMS wrong max_eden_size for check_gc_overhead_limit
7e9da4
  - JDK-8144445: Maximum size checking in Marlin ArrayCache utility methods is not optimal
7e9da4
  - JDK-8144446: Automate the Marlin crash test
7e9da4
  - JDK-8144526: Remove Marlin logging use of deleted internal API
7e9da4
  - JDK-8144630: Use PrivilegedAction to create Thread in Marlin RendererStats
7e9da4
  - JDK-8144654: Improve Marlin logging
7e9da4
  - JDK-8144718: Pisces / Marlin Strokers may generate invalid curves with huge coordinates and round joins
7e9da4
  - JDK-8166976: TestCipherPBECons has wrong @run line
7e9da4
  - JDK-8167409: Invalid value passed to critical JNI function
7e9da4
  - JDK-8181872: C1: possible overflow when strength reducing integer multiply by constant
7e9da4
  - JDK-8187078: -XX:+VerifyOops finds numerous problems when running JPRT
7e9da4
  - JDK-8191227: issues with unsafe handle resolution
7e9da4
  - JDK-8197441: Signature#initSign/initVerify for an invalid private/public key fails with ClassCastException for SunPKCS11 provider
7e9da4
  - JDK-8204152: SignedObject throws NullPointerException for null keys with an initialized Signature object
7e9da4
  - JDK-8215756: Memory leaks in the AWT on macOS
7e9da4
  - JDK-8216472: (se) Stack overflow during selection operation leads to crash (win)
7e9da4
  - JDK-8219244: NMT: Change ThreadSafepointState's allocation type from mtInternal to mtThread
7e9da4
  - JDK-8219597: (bf) Heap buffer state changes could provoke unexpected exceptions
7e9da4
  - JDK-8225128: Add exception for expiring DocuSign root to VerifyCACerts test
7e9da4
  - JDK-8225130: Add exception for expiring Comodo roots to VerifyCACerts test
7e9da4
  - JDK-8229022: BufferedReader performance can be improved by using StringBuilder
7e9da4
  - JDK-8229345: Memory leak due to vtable stubs not being shared on SPARC
7e9da4
  - JDK-8229872: (fs) Increase buffer size used with getmntent
7e9da4
  - JDK-8230235: Rendering HTML with empty img attribute and documentBaseKey cause Exception
7e9da4
  - JDK-8231430: C2: Memory stomp in max_array_length() for T_ILLEGAL type
7e9da4
  - JDK-8235744: PIT: test/jdk/javax/swing/text/html/TestJLabelWithHTMLText.java times out in linux-x64
7e9da4
  - JDK-8235904: Infinite loop when rendering huge lines
7e9da4
  - JDK-8236179: C1 register allocation error with T_ADDRESS
7e9da4
  - JDK-8237368: Problem with NullPointerException in RMI TCPEndpoint.read
7e9da4
  - JDK-8240521: Revert backport of 8231584: Deadlock with ClassLoader.findLibrary and System.loadLibrary call
7e9da4
  - JDK-8241296: Segfault in JNIHandleBlock::oops_do()
7e9da4
  - JDK-8241307: Marlin renderer should not be the default in 8u252
7e9da4
7e9da4
Notes on individual issues:
7e9da4
===========================
7e9da4
7e9da4
hotspot/svc:
7e9da4
7e9da4
JDK-8174881: Binary format for HPROF updated 
7e9da4
============================================
7e9da4
7e9da4
When dumping the heap in binary format, HPROF format 1.0.2 is always
7e9da4
used now. Previously, format 1.0.1 was used for heaps smaller than
7e9da4
2GB. HPROF format 1.0.2 is also used by jhsdb jmap for the
7e9da4
serviceability agent.
7e9da4
7e9da4
security-libs/java.security:
7e9da4
7e9da4
JDK-8229518: Added Support for PKCS#1 v2.2 Algorithms Including RSASSA-PSS Signature
7e9da4
====================================================================================
7e9da4
7e9da4
The SunRsaSign and SunJCE providers have been enhanced with support
7e9da4
for more algorithms defined in PKCS#1 v2.2, such as RSASSA-PSS
7e9da4
signature and OAEP using FIPS 180-4 digest algorithms. New
7e9da4
constructors and methods have been added to relevant JCA/JCE classes
7e9da4
under the `java.security.spec` and `javax.crypto.spec` packages for
7e9da4
supporting additional RSASSA-PSS parameters.
7e9da4
7e9da4
security-libs/javax.crypto:
7e9da4
7e9da4
JDK-8205471: RSASSA-PSS Signature Support Added to SunMSCAPI
7e9da4
============================================================
7e9da4
7e9da4
The RSASSA-PSS signature algorithm support has been added to the SunMSCAPI provider.
7e9da4
7e9da4
security-libs/javax.security:
7e9da4
7e9da4
JDK-8227564: Allow SASL Mechanisms to Be Restricted
7e9da4
===================================================
7e9da4
7e9da4
A security property named `jdk.sasl.disabledMechanisms` has been added
7e9da4
that can be used to disable SASL mechanisms. Any disabled mechanism
7e9da4
will be ignored if it is specified in the `mechanisms` argument of
7e9da4
`Sasl.createSaslClient` or the `mechanism` argument of
7e9da4
`Sasl.createSaslServer`. The default value for this security property
7e9da4
is empty, which means that no mechanisms are disabled out-of-the-box.