edf4c9
Key:
edf4c9
edf4c9
JDK-X  - https://bugs.openjdk.java.net/browse/JDK-X
edf4c9
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
edf4c9
f190be
New in release OpenJDK 8u322 (2022-01-18):
f190be
===========================================
f190be
Live versions of these release notes can be found at:
f190be
  * https://bitly.com/openjdk8u322
f190be
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u322.txt
f190be
f190be
* Security fixes
f190be
  - JDK-8264934, CVE-2022-21248: Enhance cross VM serialization
f190be
  - JDK-8268488: More valuable DerValues
f190be
  - JDK-8268494: Better inlining of inlined interfaces
f190be
  - JDK-8268512: More content for ContentInfo
f190be
  - JDK-8268795: Enhance digests of Jar files
f190be
  - JDK-8268801: Improve PKCS attribute handling
f190be
  - JDK-8268813, CVE-2022-21283: Better String matching
f190be
  - JDK-8269151: Better construction of EncryptedPrivateKeyInfo
f190be
  - JDK-8269944: Better HTTP transport redux
f190be
  - JDK-8270392, CVE-2022-21293: Improve String constructions
f190be
  - JDK-8270416, CVE-2022-21294: Enhance construction of Identity maps
f190be
  - JDK-8270492, CVE-2022-21282: Better resolution of URIs
f190be
  - JDK-8270498, CVE-2022-21296: Improve SAX Parser configuration management
f190be
  - JDK-8270646, CVE-2022-21299: Improved scanning of XML entities
f190be
  - JDK-8271962: Better TrueType font loading
f190be
  - JDK-8271968: Better canonical naming
f190be
  - JDK-8271987: Manifest improved manifest entries
f190be
  - JDK-8272014, CVE-2022-21305: Better array indexing
f190be
  - JDK-8272026, CVE-2022-21340: Verify Jar Verification
f190be
  - JDK-8272236, CVE-2022-21341: Improve serial forms for transport
f190be
  - JDK-8272272: Enhance jcmd communication
f190be
  - JDK-8272462: Enhance image handling
f190be
  - JDK-8273290: Enhance sound handling
f190be
  - JDK-8273748, CVE-2022-21349: Improve Solaris font rendering
f190be
  - JDK-8273756, CVE-2022-21360: Enhance BMP image support
f190be
  - JDK-8273838, CVE-2022-21365: Enhanced BMP processing
f190be
* Other changes
f190be
  - JDK-6801613: Cross-platform pageDialog and printDialog top margin entry broken
f190be
  - JDK-8011541: [TEST_BUG] closed/javax/swing/plaf/metal/MetalUtils/bug6190373.java fails NPE since 7u25b03
f190be
  - JDK-8025430: [TEST_BUG] javax/swing/JEditorPane/5076514/bug5076514.java failed since jdk8b108
f190be
  - JDK-8041928: MouseEvent.getModifiersEx gives wrong result
f190be
  - JDK-8042199: The build of J2DBench via makefile is broken after the JDK-8005402
f190be
  - JDK-8044365: (dc) MulticastSendReceiveTests.java failing with ENOMEM when joining group (OS X 10.9)
f190be
  - JDK-8048021: Remove @version tag in jaxp repo
f190be
  - JDK-8049348: compiler/intrinsics/bmi/verifycode tests on lzcnt and tzcnt use incorrect assumption about REXB prefix usage
f190be
  - JDK-8060027: Tests java/beans/XMLEncoder/Test4903007.java and java/beans/XMLEncoder/java_awt_GridBagLayout.java
f190be
  - JDK-8066588: javax/management/remote/mandatory/connection/RMIConnector_NPETest.java fails to compile
f190be
  - JDK-8066652: Default TimeZone is GMT not local if user.timezone is invalid on Mac OS
f190be
  - JDK-8069034: gc/g1/TestEagerReclaimHumongousRegionsClearMarkBits.java nightly failure
f190be
  - JDK-8077590: windows_i586_6.2-product-c2-runThese8_Xcomp_vm failing after win compiler upgrade
f190be
  - JDK-8080287: The image of BufferedImage.TYPE_INT_ARGB and BufferedImage.TYPE_INT_ARGB_PRE is blank
f190be
  - JDK-8140329: [TEST_BUG] test FullScreenAfterSplash.java failed because image was not generated
f190be
  - JDK-8140472: java/net/ipv6tests/TcpTest.java failed intermittently with java.net.BindException: Address already in use: NET_Bind
f190be
  - JDK-8147051: StaxEntityResolverWrapper should create StaxXMLInputSource with a resolver indicator
f190be
  - JDK-8148915: Intermittent failures of bug6400879.java
f190be
  - JDK-8176837: SunPKCS11 provider needs to check more details on PKCS11 Mechanism
f190be
  - JDK-8177393: Result of RescaleOp for 4BYTE_ABGR images may be 25% black
f190be
  - JDK-8177536: Avoid Apple Peer-to-Peer interfaces in networking tests
f190be
  - JDK-8182036: Load from initializing arraycopy uses wrong memory state
f190be
  - JDK-8183369: RFC unconformity of HttpURLConnection with proxy
f190be
  - JDK-8183543: Aarch64: C2 compilation often fails with "failed spill-split-recycle sanity check"
f190be
  - JDK-8187450: JNI local refs exceeds capacity warning in NetworkInterface::getAll
f190be
  - JDK-8187649: ArrayIndexOutOfBoundsException in java.util.JapaneseImperialCalendar
f190be
  - JDK-8190482: InnocuousThread creation should not require the caller to possess enableContextClassLoaderOverride
f190be
  - JDK-8190793: Httpserver does not detect truncated request body
f190be
  - JDK-8196572: Tests ColConvCCMTest.java and MTColConvTest.java fail
f190be
  - JDK-8202788: Explicitly reclaim cached thread-local direct buffers at thread exit
f190be
  - JDK-8210058: Algorithmic Italic font leans opposite angle in Printing
f190be
  - JDK-8220150: macos10.14 Mojave returns anti-aliased glyphs instead of aliased B&W glyphs
f190be
  - JDK-8225082: Remove IdenTrust certificate that is expiring in September 2021
f190be
  - JDK-8225083: Remove Google certificate that is expiring in December 2021
f190be
  - JDK-8226806: [macOS 10.14] Methods of Java Robot should be called from appropriate thread
f190be
  - JDK-8231254: (fs) Add test for macOS Catalina changes to protect system software
f190be
  - JDK-8231438: [macOS] Dark mode for the desktop is not supported
f190be
  - JDK-8232178: MacVolumesTest failed after upgrade to MacOS Catalina
f190be
  - JDK-8232226: [macos 10.15] test/jdk/java/awt/color/EqualityTest/EqualityTest.java may fail
f190be
  - JDK-8235153: [TESTBUG] [macos 10.15] java/awt/Graphics/DrawImageBG/SystemBgColorTest.java fails
f190be
  - JDK-8236897: Fix the copyright header for pkcs11gcm2.h
f190be
  - JDK-8237499: JFR: Include stack trace in the ThreadStart event
f190be
  - JDK-8239886: Minimal VM build fails after JDK-8237499
f190be
  - JDK-8261397: Try Catch Method Failing to Work When Dividing An Integer By 0
f190be
  - JDK-8262731: [macOS] Exception from "Printable.print" is swallowed during "PrinterJob.print"
f190be
  - JDK-8272342: [TEST_BUG] java/awt/print/PrinterJob/PageDialogMarginTest.java catches all exceptions
f190be
  - JDK-8273308: PatternMatchTest.java fails on CI
f190be
  - JDK-8273342: Null pointer dereference in classFileParser.cpp:2817
f190be
  - JDK-8273826: Correct Manifest file name and NPE checks
f190be
  - JDK-8273968: JCK javax_xml tests fail in CI
f190be
  - JDK-8274407: (tz) Update Timezone Data to 2021c
f190be
  - JDK-8274467: TestZoneInfo310.java fails with tzdata2021b
f190be
  - JDK-8274468: TimeZoneTest.java fails with tzdata2021b
f190be
  - JDK-8274595: DisableRMIOverHTTPTest failed: connection refused
f190be
  - JDK-8274779: HttpURLConnection: HttpClient and HttpsClient incorrectly check request method when set to POST
f190be
  - JDK-8275766: (tz) Update Timezone Data to 2021e
f190be
  - JDK-8275849: TestZoneInfo310.java fails with tzdata2021e
f190be
  - JDK-8276536: Update TimeZoneNames files to follow the changes made by JDK-8275766
f190be
f190be
Notes on individual issues:
f190be
===========================
f190be
f190be
security-libs/java.security:
f190be
f190be
JDK-8271434: Removed IdenTrust Root Certificate
f190be
===============================================
f190be
The following root certificate from IdenTrust has been removed from
f190be
the `cacerts` keystore:
f190be
f190be
Alias Name: identrustdstx3 [jdk]
f190be
Distinguished Name: CN=DST Root CA X3, O=Digital Signature Trust Co.
f190be
f190be
JDK-8272535: Removed Google's GlobalSign Root Certificate
f190be
=========================================================
f190be
The following root certificate from Google has been removed from the
f190be
`cacerts` keystore:
f190be
f190be
Alias Name: globalsignr2ca [jdk]
f190be
Distinguished Name: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
f190be
f190be
core-libs/java.time:
f190be
f190be
JDK-8274857:  Update Timezone Data to 2021c
f190be
===========================================
f190be
IANA Time Zone Database, on which JDK's Date/Time libraries are based,
f190be
has been updated to version 2021c
f190be
(https://mm.icann.org/pipermail/tz-announce/2021-October/000067.html). Note
f190be
that with this update, some of the time zone rules prior to the year
f190be
1970 have been modified according to the changes which were introduced
f190be
with 2021b. For more detail, refer to the announcement of 2021b
f190be
(https://mm.icann.org/pipermail/tz-announce/2021-September/000066.html)
f190be
f190be
New in release OpenJDK 8u312 (2021-10-19):
f190be
===========================================
f190be
Live versions of these release notes can be found at:
f190be
  * https://bitly.com/openjdk8u312
f190be
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u312.txt
f190be
f190be
* Security fixes
f190be
  - JDK-8130183, CVE-2021-35588: InnerClasses: VM permits wrong Throw ClassFormatError if InnerClasses attribute's inner_class_info_index is 0
f190be
  - JDK-8161016: Strange behavior of URLConnection with proxy
f190be
  - JDK-8163326, CVE-2021-35550: Update the default enabled cipher suites preference
f190be
  - JDK-8254967, CVE-2021-35565: com.sun.net.HttpsServer spins on TLS session close
f190be
  - JDK-8263314: Enhance XML Dsig modes
f190be
  - JDK-8265167, CVE-2021-35556: Richer Text Editors
f190be
  - JDK-8265574: Improve handling of sheets
f190be
  - JDK-8265580, CVE-2021-35559: Enhanced style for RTF kit
f190be
  - JDK-8265776: Improve Stream handling for SSL
f190be
  - JDK-8266097, CVE-2021-35561: Better hashing support
f190be
  - JDK-8266103: Better specified spec values
f190be
  - JDK-8266109: More Resilient Classloading
f190be
  - JDK-8266115: More Manifest Jar Loading
f190be
  - JDK-8266137, CVE-2021-35564: Improve Keystore integrity
f190be
  - JDK-8266689, CVE-2021-35567: More Constrained Delegation
f190be
  - JDK-8267086: ArrayIndexOutOfBoundsException in java.security.KeyFactory.generatePublic
f190be
  - JDK-8267712: Better LDAP reference processing
f190be
  - JDK-8267729, CVE-2021-35578: Improve TLS client handshaking
f190be
  - JDK-8267735, CVE-2021-35586: Better BMP support
f190be
  - JDK-8268193: Improve requests of certificates
f190be
  - JDK-8268199: Correct certificate requests
f190be
  - JDK-8268506: More Manifest Digests
f190be
  - JDK-8269618, CVE-2021-35603: Better session identification
f190be
  - JDK-8269624: Enhance method selection support
f190be
  - JDK-8270398: Enhance canonicalization
f190be
  - JDK-8270404: Better canonicalization
f190be
* Other changes
f190be
  - JDK-6847157: java.lang.NullPointerException: HDC for component at sun.java2d.loops.Blit.Blit
f190be
  - JDK-7146776: deadlock between URLStreamHandler.getHostAddress and file.Handler.openconnection
f190be
  - JDK-7188942: Remove support of pbuffers in OGL Java2d pipeline
f190be
  - JDK-8004148: NPE in sun.awt.SunToolkit.getWindowDeactivationTime
f190be
  - JDK-8022323: [JavaSecurityScanner] review package com.sun.management.* Native methods should be private
f190be
  - JDK-8027154: [TESTBUG] Test java/awt/Mouse/GetMousePositionTest/GetMousePositionWithPopup.java fails
f190be
  - JDK-8035001: TEST_BUG: the retry logic in RMID.start() should check that the subprocess hasn't terminated
f190be
  - JDK-8035424: (reflect) Performance problem in sun.reflect.generics.parser.SignatureParser
f190be
  - JDK-8042557: compiler/uncommontrap/TestSpecTrapClassUnloading.java fails with: GC triggered before VM initialization completed
f190be
  - JDK-8054118: java/net/ipv6tests/UdpTest.java failed intermittently
f190be
  - JDK-8065215: Print warning summary at end of configure
f190be
  - JDK-8072767: DefaultCellEditor for comboBox creates ActionEvent with wrong source object
f190be
  - JDK-8079891: Store configure log in $BUILD/configure.log
f190be
  - JDK-8080082: configure fails if you create an empty directory and then run configure from it
f190be
  - JDK-8086003: Test fails on OSX with java.lang.RuntimeException 'Narrow klass base: 0x0000000000000000, Narrow klass shift: 3' missing
f190be
  - JDK-8131062: aarch64: add support for GHASH acceleration
f190be
  - JDK-8134869: AARCH64: GHASH intrinsic is not optimal
f190be
  - JDK-8134989: java/net/MulticastSocket/TestInterfaces.java failed due to unexpected IP address
f190be
  - JDK-8156584: Initialization race in sun.security.x509.AlgorithmId.get
f190be
  - JDK-8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
f190be
  - JDK-8166673: The new implementation of Robot.waitForIdle() may hang
f190be
  - JDK-8170467: (reflect) Optimize SignatureParser's use of StringBuilders
f190be
  - JDK-8194246: JVM crashes when calling getStackTrace if stack contains a method that is a member of a very large class
f190be
  - JDK-8196181: sun/java2d/GdiRendering/InsetClipping.java fails
f190be
  - JDK-8202837: PBES2 AlgorithmId encoding error in PKCS12 KeyStore
f190be
  - JDK-8206189: sun/security/pkcs12/EmptyPassword.java fails with Sequence tag error
f190be
  - JDK-8214418: half-closed SSLEngine status may cause application dead loop
f190be
  - JDK-8214513: A PKCS12 keystore from Java 8 using custom PBE parameters cannot be read in Java 11
f190be
  - JDK-8220786: Create new switch to redirect error reporting output to stdout or stderr
f190be
  - JDK-8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
f190be
  - JDK-8229243: SunPKCS11-Solaris provider tests failing on Solaris 11.4
f190be
  - JDK-8231222: fix pkcs11 P11_DEBUG guarded native traces
f190be
  - JDK-8237495: Java MIDI fails with a dereferenced memory error when asked to send a raw 0xF7
f190be
  - JDK-8238567: SoftMainMixer.processAudioBuffers(): Wrong handling of stoppedMixers
f190be
  - JDK-8240518: Incorrect JNU_ReleaseStringPlatformChars in Windows Print
f190be
  - JDK-8241248: NullPointerException in sun.security.ssl.HKDF.extract(HKDF.java:93)
f190be
  - JDK-8244154: Update SunPKCS11 provider with PKCS11 v3.0 header files
f190be
  - JDK-8247469: getSystemCpuLoad() returns -1 on linux when some offline cpus are present and cpusets.effective_cpus is not available
f190be
  - JDK-8248901: Signed immediate support in .../share/assembler.hpp is broken.
f190be
  - JDK-8259338: Add expiry exception for identrustdstx3 alias to VerifyCACerts.java test
f190be
  - JDK-8262000: jdk/jfr/event/gc/detailed/TestPromotionFailedEventWithParallelScavenge.java failed with "OutOfMemoryError: Java heap space"
f190be
  - JDK-8262829: Native crash in Win32PrintServiceLookup.getAllPrinterNames()
f190be
  - JDK-8263311: Watch registry changes for remote printers update instead of polling
f190be
  - JDK-8263382: java/util/logging/ParentLoggersTest.java failed with "checkLoggers: getLoggerNames() returned unexpected loggers"
f190be
  - JDK-8264752: SIGFPE crash with option FlightRecorderOptions:threadbuffersize=30M
f190be
  - JDK-8265238: [8u] [macos] build failure in OpenJDK8u after JDK-8211301 in older xcode
f190be
  - JDK-8265836: OperatingSystemImpl.getCpuLoad() returns incorrect CPU load inside a container
f190be
  - JDK-8265978: make test should look for more locations when searching for exit code
f190be
  - JDK-8266206: Build failure after JDK-8264752 with older GCCs
f190be
  - JDK-8268103: JNI functions incorrectly return a double after JDK-8265836
f190be
  - JDK-8268965: TCP Connection Reset when connecting simple socket to SSL server
f190be
  - JDK-8269594: assert(_handle_mark_nesting > 1) failed: memory leak: allocating handle outside HandleMark
f190be
  - JDK-8269763: The JEditorPane is blank after JDK-8265167
f190be
  - JDK-8269810: [8u] Update generated_configure.sh after JDK-8250876 backport
f190be
  - JDK-8269851: OperatingSystemMXBean getProcessCpuLoad reports incorrect process cpu usage in containers
f190be
  - JDK-8269859: BacktraceBuilder._cprefs needs to be accessed as unsigned short
f190be
  - JDK-8269882: stack-use-after-scope in NewObjectA
f190be
  - JDK-8269953: config.log is not in build directory after 8u backport of JDK-8079891
f190be
  - JDK-8270137: Kerberos Credential Retrieval from Cache not Working in Cross-Realm Setup
f190be
  - JDK-8271466: StackGap test fails on aarch64 due to "-m64"
f190be
  - JDK-8272124: Cgroup v1 initialization causes NullPointerException when cgroup path contains colon
f190be
  - JDK-8272214: [8u] Build failure after backport of JDK-8248901
f190be
  - JDK-8272714: [8u] Build failure after backport of JDK-8248901 with MSVC 2013
f190be
* Shenandoah
f190be
  - [backport] JDK-8269661: JNI_GetStringCritical does not lock char array
f190be
  - Re-cast JNI critical strings patch to be Shenandoah-specific
f190be
f190be
Notes on individual issues:
f190be
===========================
f190be
f190be
core-libs/java.net:
f190be
f190be
JDK-8164200: Modified HttpURLConnection behavior when no suitable proxy is found
f190be
================================================================================
f190be
The behavior of HttpURLConnection when using a ProxySelector has been
f190be
modified with this JDK release. HttpURLConnection used to fall back to
f190be
a DIRECT connection attempt if the configured proxy(s) failed to make
f190be
a connection. This release introduces a change whereby no DIRECT
f190be
connection will be attempted in such a scenario. Instead, the
f190be
HttpURLConnection.connect() method will fail and throw an IOException
f190be
which occurred from the last proxy tested.
f190be
f190be
security-libs/javax.net.ssl:
f190be
f190be
JDK-8219551: Updated the Default Enabled Cipher Suites Preference
f190be
=================================================================
f190be
The preference of the default enabled cipher suites has been
f190be
changed. The compatibility impact should be minimal. If needed,
f190be
applications can customize the enabled cipher suites and the
f190be
preference. For more details, refer to the SunJSSE provider
f190be
documentation and the JSSE Reference Guide documentation.
f190be
cf0227
New in release OpenJDK 8u302 (2021-07-20):
cf0227
===========================================
cf0227
Live versions of these release notes can be found at:
cf0227
  * https://bitly.com/openjdk8u302
cf0227
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u302.txt
cf0227
cf0227
* Security fixes
cf0227
  - JDK-8256157: Improve bytecode assembly
cf0227
  - JDK-8256491: Better HTTP transport
cf0227
  - JDK-8258432, CVE-2021-2341: Improve file transfers
cf0227
  - JDK-8260453: Improve Font Bounding
cf0227
  - JDK-8260960: Signs of jarsigner signing
cf0227
  - JDK-8260967, CVE-2021-2369: Better jar file validation
cf0227
  - JDK-8262380: Enhance XML processing passes
cf0227
  - JDK-8262403: Enhanced data transfer
cf0227
  - JDK-8262410: Enhanced rules for zones
cf0227
  - JDK-8262477: Enhance String Conclusions
cf0227
  - JDK-8262967: Improve Zip file support
cf0227
  - JDK-8264066, CVE-2021-2388: Enhance compiler validation
cf0227
  - JDK-8264079: Improve abstractions
cf0227
  - JDK-8264460: Improve NTLM support
cf0227
* Other changes
cf0227
  - JDK-6878250: (so) IllegalBlockingModeException thrown when reading from a closed SocketChannel's InputStream
cf0227
  - JDK-6990210: [TEST_BUG] EventDispatchThread/HandleExceptionOnEDT/HandleExceptionOnEDT.java fails on gnome
cf0227
  - JDK-7059970: Test case: javax/imageio/plugins/png/ITXtTest.java is not closing a file
cf0227
  - JDK-7106851: Test should not use System.exit
cf0227
  - JDK-8019470: Changes needed to compile JDK 8 on MacOS with clang compiler
cf0227
  - JDK-8028618: [TEST BUG] javax/swing/JScrollBar/bug4202954/bug4202954.java fails
cf0227
  - JDK-8030123: java/beans/Introspector/Test8027648.java fails
cf0227
  - JDK-8032050: Clean up for java/rmi/activation/Activatable/shutdownGracefully/ShutdownGracefully.java
cf0227
  - JDK-8033289: clang: clean up unused function warning
cf0227
  - JDK-8034856: gcc warnings compiling src/solaris/native/sun/security/pkcs11
cf0227
  - JDK-8034857: gcc warnings compiling src/solaris/native/sun/management
cf0227
  - JDK-8035000: clean up ActivationLibrary.DestroyThread
cf0227
  - JDK-8035054: JarFacade.c should not include ctype.h
cf0227
  - JDK-8035287: gcc warnings compiling various libraries files
cf0227
  - JDK-8036095: RMI tests using testlibrary.RMID and testlibrary.JavaVM do not pass through vmoptions
cf0227
  - JDK-8037825: Fix warnings and enable "warnings as errors" in serviceability native libraries
cf0227
  - JDK-8042891: Format issues embedded in macros for two g1 source files
cf0227
  - JDK-8043264: hsdis library not picked up correctly on expected paths
cf0227
  - JDK-8043646: libosxapp.dylib fails to build on Mac OS 10.9 with clang
cf0227
  - JDK-8047939: [TESTBUG] Rewrite test/runtime/8001071/Test8001071.sh
cf0227
  - JDK-8055754: filemap.cpp does not compile with clang
cf0227
  - JDK-8064909: FragmentMetaspace.java got OutOfMemoryError
cf0227
  - JDK-8066508: JTReg tests timeout on slow devices when run using JPRT
cf0227
  - JDK-8066807: langtools/test/Makefile should use -agentvm not -samevm
cf0227
  - JDK-8071374: -XX:+PrintAssembly -XX:+PrintSignatureHandlers crash fastdebug VM with assert(limit == __null || limit <= nm->code_end()) in RelocIterator::initialize
cf0227
  - JDK-8073446: TimeZone getOffset API does not return a dst offset between years 2038-2137
cf0227
  - JDK-8074835: Resolve disabled warnings for libj2gss
cf0227
  - JDK-8074836: Resolve disabled warnings for libosxkrb5
cf0227
  - JDK-8075071: [TEST_BUG] TimSortStackSize2.java: OOME: Java heap space: MaxHeap shrinked by MaxRAMFraction
cf0227
  - JDK-8077364: "if( !this )" construct prevents build on Xcode 6.3
cf0227
  - JDK-8078855: [TEST_BUG] javax/swing/JComboBox/8032878/bug8032878.java fails in WindowsClassicLookAndFeel
cf0227
  - JDK-8081764: [TEST_BUG] Test javax/swing/plaf/aqua/CustomComboBoxFocusTest.java fails on Windows, Solaris Sparcv9 and Linux but passes on MacOSX
cf0227
  - JDK-8129511: PlatformMidi.c:83 uses malloc without malloc header
cf0227
  - JDK-8130308: Too low memory usage in TestPromotionFromSurvivorToTenuredAfterMinorGC.java
cf0227
  - JDK-8130430: [TEST_BUG] remove unnecessary internal calls from javax/swing/JRadioButton/8075609/bug8075609.java
cf0227
  - JDK-8132148: G1 hs_err region dump legend out of sync with region values
cf0227
  - JDK-8132709: [TESTBUG] gc/g1/TestHumongousShrinkHeap.java might fail on embedded
cf0227
  - JDK-8134672: [TEST_BUG] Some tests should check isDisplayChangeSupported
cf0227
  - JDK-8134883: C1 hard crash in range check elimination in Nashorn test262parallel
cf0227
  - JDK-8136592: [TEST_BUG] Fix 2 platform-specific closed regtests for jigsaw
cf0227
  - JDK-8138820: JDK Hotspot build fails with Xcode 7.0.1
cf0227
  - JDK-8151786: [TESTBUG] java/beans/XMLEncoder/Test4625418.java timed out intermittently
cf0227
  - JDK-8159898: Negative array size in java/beans/Introspector/Test8027905.java
cf0227
  - JDK-8166046: [TESTBUG] compiler/stringopts/TestStringObjectInitialization.java fails with OOME
cf0227
  - JDK-8166724: gc/g1/TestHumongousShrinkHeap.java fails with OOME
cf0227
  - JDK-8172188: JDI tests fail due to "permission denied" when creating temp file
cf0227
  - JDK-8177809: File.lastModified() is losing milliseconds (always ends in 000)
cf0227
  - JDK-8178403: DirectAudio in JavaSound may hang and leak
cf0227
  - JDK-8180478: tools/launcher/MultipleJRE.sh fails on Windows because of extra-''
cf0227
  - JDK-8183910: gc/arguments/TestAggressiveHeap.java fails intermittently
cf0227
  - JDK-8190332: PngReader throws NegativeArraySizeException/OOM error when IHDR width is very large
cf0227
  - JDK-8190679: java/util/Arrays/TimSortStackSize2.java fails with "Initial heap size set to a larger value than the maximum heap size"
cf0227
  - JDK-8191955: AArch64: incorrect prefetch distance causes an internal error
cf0227
  - JDK-8196092: javax/swing/JComboBox/8032878/bug8032878.java fails
cf0227
  - JDK-8199265: java/util/Arrays/TimSortStackSize2.java fails with OOM
cf0227
  - JDK-8200550: Xcode 9.3 produce warning -Wexpansion-to-defined
cf0227
  - JDK-8202299: Java Keystore fails to load PKCS12/PFX certificates created in WindowsServer2016
cf0227
  - JDK-8203196: C1 emits incorrect code due to integer overflow in _tableswitch keys
cf0227
  - JDK-8205014: com/sun/jndi/ldap/DeadSSLLdapTimeoutTest.java failed with "Read timed out"
cf0227
  - JDK-8206243: java -XshowSettings fails if memory.limit_in_bytes overflows LONG.max
cf0227
  - JDK-8206925: Support the certificate_authorities extension
cf0227
  - JDK-8209996: [PPC64] Fix JFR profiling
cf0227
  - JDK-8214345: infinite recursion while checking super class
cf0227
  - JDK-8217230: assert(t == t_no_spec) failure in NodeHash::check_no_speculative_types()
cf0227
  - JDK-8217348: assert(thread->is_Java_thread()) failed: just checking
cf0227
  - JDK-8225081: Remove Telia Company CA certificate expiring in April 2021
cf0227
  - JDK-8225116: Test OwnedWindowsLeak.java intermittently fails
cf0227
  - JDK-8228757: Fail fast if the handshake type is unknown
cf0227
  - JDK-8230428: Cleanup dead CastIP node code in formssel.cpp
cf0227
  - JDK-8231631: sun/net/ftp/FtpURLConnectionLeak.java fails intermittently with NPE
cf0227
  - JDK-8231841: AArch64: debug.cpp help() is missing an AArch64 line for pns
cf0227
  - JDK-8231949: [PPC64, s390]: Make async profiling more reliable
cf0227
  - JDK-8234011: (zipfs) Memory leak in ZipFileSystem.releaseDeflater()
cf0227
  - JDK-8239053: [8u] clean up undefined-var-template warnings
cf0227
  - JDK-8239400: [8u] clean up undefined-var-template warnings
cf0227
  - JDK-8241649: Optimize Character.toString
cf0227
  - JDK-8241829: Cleanup the code for PrinterJob on windows
cf0227
  - JDK-8242565: Policy initialization issues when the denyAfter constraint is enabled
cf0227
  - JDK-8243559: Remove root certificates with 1024-bit keys
cf0227
  - JDK-8247350: [aarch64] assert(false) failed: wrong size of mach node
cf0227
  - JDK-8249142: java/awt/FontClass/CreateFont/DeleteFont.sh is unstable
cf0227
  - JDK-8249278: Revert JDK-8226253 which breaks the spec of AccessibleState.SHOWING for JList
cf0227
  - JDK-8250876: Fix issues with cross-compile on macos
cf0227
  - JDK-8252883: AccessDeniedException caused by delayed file deletion on Windows
cf0227
  - JDK-8253375: OSX build fails with Xcode 12.0 (12A7209)
cf0227
  - JDK-8254631: Better support ALPN byte wire values in SunJSSE
cf0227
  - JDK-8255086: Update the root locale display names
cf0227
  - JDK-8255734: VM should ignore SIGXFSZ on ppc64, s390 too
cf0227
  - JDK-8256818: SSLSocket that is never bound or connected leaks socket resources
cf0227
  - JDK-8257039: [8u] GenericTaskQueue destructor is incorrect
cf0227
  - JDK-8257670: sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java reports leaks
cf0227
  - JDK-8257884: Re-enable sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java as automatic test
cf0227
  - JDK-8257997: sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java again reports leaks after JDK-8257884
cf0227
  - JDK-8257999: Parallel GC crash in gc/parallel/TestDynShrinkHeap.java: new region is not in covered_region
cf0227
  - JDK-8258419: RSA cipher buffer cleanup
cf0227
  - JDK-8258669: fastdebug jvm crashes when do event based tracing for monitor inflation
cf0227
  - JDK-8258753: StartTlsResponse.close() hangs due to synchronization issues
cf0227
  - JDK-8259271: gc/parallel/TestDynShrinkHeap.java still fails "assert(covered_region.contains(new_memregion)) failed: new region is not in covered_region"
cf0227
  - JDK-8259619: C1: 3-arg StubAssembler::call_RT stack-use condition is incorrect
cf0227
  - JDK-8259886: Improve SSL session cache performance and scalability
cf0227
  - JDK-8260029: aarch64: fix typo in verify_oop_array
cf0227
  - JDK-8260236: better init AnnotationCollector _contended_group
cf0227
  - JDK-8260255: C1: LoopInvariantCodeMotion constructor can leave some fields uninitialized
cf0227
  - JDK-8260484: CheckExamples.java / NoJavaLangTest.java fail with jtreg 4.2
cf0227
  - JDK-8260704: ParallelGC: oldgen expansion needs release-store for _end
cf0227
  - JDK-8261355: No data buffering in SunPKCS11 Cipher encryption when the underlying mechanism has no padding
cf0227
  - JDK-8261867: Backport relevant test changes & additions from JDK-8130125
cf0227
  - JDK-8262110: DST starts from incorrect time in 2038
cf0227
  - JDK-8262446: DragAndDrop hangs on Windows
cf0227
  - JDK-8262726: AArch64: C1 StubAssembler::call_RT can corrupt stack
cf0227
  - JDK-8262730: Enable jdk8u MacOS external debug symbols
cf0227
  - JDK-8262864: No debug symbols in image for Windows --with-native-debug-symbols=external
cf0227
  - JDK-8263061: copy wrong unpack200 debuginfo to bin directory after 8252395
cf0227
  - JDK-8263504: Some OutputMachOpcodes fields are uninitialized
cf0227
  - JDK-8263600: change rmidRunning to a simple lookup
cf0227
  - JDK-8264509: jdk8u MacOS zipped debug symbols won't build
cf0227
  - JDK-8264562: assert(verify_field_bit(1)) failed: Attempting to write an uninitialized event field: type
cf0227
  - JDK-8264640: CMS ParScanClosure misses a barrier
cf0227
  - JDK-8264816: Weak handles leak causes GC to take longer
cf0227
  - JDK-8265462: Handle multiple slots in the NSS Internal Module from SunPKCS11's Secmod
cf0227
  - JDK-8265666: Enable AIX build platform to make external debug symbols
cf0227
  - JDK-8265832: runtime/StackGap/testme.sh fails to compile in 8u
cf0227
  - JDK-8265988: Fix sun/text/IntHashtable/Bug4170614 for JDK 8u
cf0227
  - JDK-8266191: Missing aarch64 parts of JDK-8181872 (C1: possible overflow when strength reducing integer multiply by constant)
cf0227
  - JDK-8266723: JFR periodic events are causing extra allocations
cf0227
  - JDK-8266929: Unable to use algorithms from 3p providers
cf0227
  - JDK-8267235: [macos_aarch64] InterpreterRuntime::throw_pending_exception messing up LR results in crash
cf0227
  - JDK-8267426: MonitorVmStartTerminate test timed out on Embedded VM
cf0227
  - JDK-8267545: [8u] Enable Xcode 12 builds on macOS
cf0227
  - JDK-8267689: [aarch64] Crash due to bad shift in indirect addressing mode
cf0227
  - JDK-8268444: keytool -v -list print is incorrect after backport JDK-8141457
cf0227
  - JDK-8269388: Default build of OpenJDK 8 fails on newer GCCs with warnings as errors on format-overflow
cf0227
  - JDK-8269468: JDK-8269388 breaks the build on older GCCs
cf0227
  - JDK-8270533: AArch64: size_fits_all_mem_uses should return false if its output is a CAS
cf0227
* Shenandoah
cf0227
  - [backport] JDK-8259580: Shenandoah: uninitialized label in VerifyThreadGCState
cf0227
  - [backport] JDK-8259954: gc/shenandoah/mxbeans tests fail with -Xcomp
cf0227
  - [backport] JDK-8261251: Shenandoah: Use object size for full GC humongous
cf0227
  - [backport] JDK-8261413: Shenandoah: Disable class-unloading in I-U mode
cf0227
  - [backport] JDK-8265239: Shenandoah: Shenandoah heap region count could be off by 1
cf0227
  - [backport] JDK-8266802: Shenandoah: Round up region size to page size unconditionally
cf0227
  - [backport] JDK-8267561: Shenandoah: Reference processing not properly setup for outside of cycle degenerated GC
cf0227
  - [backport] JDK-8268127: Shenandoah: Heap size may be too small for region to align to large page size
cf0227
  - [backport] JDK-8268699: Shenandoah: Add test for JDK-8268127
cf0227
  - Shenandoah: Process weak roots during class unloading cycle
cf0227
cf0227
Notes on individual issues:
cf0227
===========================
cf0227
cf0227
security-libs/java.security:
cf0227
cf0227
JDK-8256902: Removed Root Certificates with 1024-bit Keys
cf0227
=========================================================
cf0227
The following root certificates with weak 1024-bit RSA public keys
cf0227
have been removed from the `cacerts` keystore:
cf0227
cf0227
Alias Name: thawtepremiumserverca [jdk]
cf0227
Distinguished Name: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
cf0227
cf0227
Alias Name: verisignclass2g2ca [jdk]
cf0227
Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
cf0227
cf0227
Alias Name: verisignclass3ca [jdk]
cf0227
Distinguished Name: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
cf0227
cf0227
Alias Name: verisignclass3g2ca [jdk]
cf0227
Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
cf0227
cf0227
Alias Name: verisigntsaca [jdk]
cf0227
Distinguished Name: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA
cf0227
cf0227
JDK-8261361: Removed Telia Company's Sonera Class2 CA certificate
cf0227
=================================================================
cf0227
cf0227
The following root certificate have been removed from the cacerts truststore:
cf0227
cf0227
Alias Name: soneraclass2ca
cf0227
Distinguished Name: CN=Sonera Class2 CA, O=Sonera, C=FI
cf0227
cf0227
security-libs/javax.net.ssl:
cf0227
cf0227
JDK-8257548: Improve Encoding of TLS Application-Layer Protocol Negotiation (ALPN) Values
cf0227
=========================================================================================
cf0227
Certain TLS ALPN values couldn't be properly read or written by the
cf0227
SunJSSE provider. This is due to the choice of Strings as the API
cf0227
interface and the undocumented internal use of the UTF-8 Character Set
cf0227
which converts characters larger than U+00007F (7-bit ASCII) into
cf0227
multi-byte arrays that may not be expected by a peer.
cf0227
cf0227
ALPN values are now represented using the network byte representation
cf0227
expected by the peer, which should require no modification for
cf0227
standard 7-bit ASCII-based character Strings. However, SunJSSE now
cf0227
encodes/decodes String characters as 8-bit ISO_8859_1/LATIN-1
cf0227
characters.  This means applications that used characters above
cf0227
U+000007F that were previously encoded using UTF-8 may need to either
cf0227
be modified to perform the UTF-8 conversion, or set the Java security
cf0227
property `jdk.tls.alpnCharset` to "UTF-8" revert the behavior.
cf0227
cf0227
See the updated guide at
cf0227
https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/alpn.html
cf0227
for more information.
cf0227
cf0227
JDK-8244460: Support for certificate_authorities Extension
cf0227
==========================================================
cf0227
The "certificate_authorities" extension is an optional extension
cf0227
introduced in TLS 1.3. It is used to indicate the certificate
cf0227
authorities (CAs) that an endpoint supports and should be used by the
cf0227
receiving endpoint to guide certificate selection.
cf0227
cf0227
With this JDK release, the "certificate_authorities" extension is
cf0227
supported for TLS 1.3 in both the client and the server sides.  This
cf0227
extension is always present for client certificate selection, while it
cf0227
is optional for server certificate selection.
cf0227
cf0227
Applications can enable this extension for server certificate
cf0227
selection by setting the `jdk.tls.client.enableCAExtension` system
cf0227
property to `true`.  The default value of the property is `false`.
cf0227
cf0227
Note that if the client trusts more CAs than the size limit of the
cf0227
extension (less than 2^16 bytes), the extension is not enabled.  Also,
cf0227
some server implementations do not allow handshake messages to exceed
cf0227
2^14 bytes.  Consequently, there may be interoperability issues when
cf0227
`jdk.tls.client.enableCAExtension` is set to `true` and the client
cf0227
trusts more CAs than the server implementation limit.
cf0227
cf0227
New in release OpenJDK 8u292 (2021-04-20):
cf0227
===========================================
cf0227
Live versions of these release notes can be found at:
cf0227
  * https://bitly.com/openjdk8u292
cf0227
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u292.txt
cf0227
cf0227
* Security fixes
cf0227
  - JDK-8227467: Better class method invocations
cf0227
  - JDK-8244473: Contextualize registration for JNDI
cf0227
  - JDK-8244543: Enhanced handling of abstract classes
cf0227
  - JDK-8249906, CVE-2021-2163: Enhance opening JARs
cf0227
  - JDK-8250568, CVE-2021-2161: Less ambiguous processing
cf0227
  - JDK-8253799: Make lists of normal filenames
cf0227
* Other changes
cf0227
  - JDK-6345095: regression test EmptyClipRenderingTest fails
cf0227
  - JDK-6896810: TEST_BUG: java/lang/ref/SoftReference/Pin.java fails with OOME during System.out.println
cf0227
  - JDK-6949753: [TEST BUG]: java/awt/print/PageFormat/PDialogTest.java needs update by removing a infinite loop
cf0227
  - JDK-7107012: sun.jvm.hotspot.code.CompressedReadStream readDouble() conversion to long mishandled
cf0227
  - JDK-7112454: TEST_BUG: java/awt/Choice/PopdownGeneratesMouseEvents/PopdownGeneratesMouseEvents.html failed
cf0227
  - JDK-7131835: [TEST_BUG] Test does not consider that the rounded edges of the window in Mac OS 10.7
cf0227
  - JDK-7185221: [macosx] Regtest should not throw exception if a suitable display mode found
cf0227
  - JDK-8031126: java/lang/management/ThreadMXBean/ThreadUserTime.java fails intermittently
cf0227
  - JDK-8035166: Remove dependency on EC classes from pkcs11 provider
cf0227
  - JDK-8035186: j2se_jdk/jdk/test/java/lang/invoke/lambda/LogGeneratedClassesTest.java - assertion error
cf0227
  - JDK-8038723: Openup some PrinterJob tests
cf0227
  - JDK-8041464: [TEST_BUG] CustomClassLoaderTransferTest does not support OS X
cf0227
  - JDK-8041561: Inconsistent opacity behaviour between JCheckBox and JRadioButton
cf0227
  - JDK-8061777: (zipfs) IllegalArgumentException in ZipCoder.toString when using Shitft_JIS
cf0227
  - JDK-8078024: javac, several incorporation steps are silently failing when an error should be reported
cf0227
  - JDK-8078450: Implement consistent process for quarantine of tests
cf0227
  - JDK-8078614: WindowsClassicLookAndFeel MetalComboBoxUI.getbaseLine fails with IllegalArgumentException
cf0227
  - JDK-8080953: [TEST_BUG]Test java/awt/FontClass/DebugFonts.java fails due to wrongly typed bugid
cf0227
  - JDK-8081547: Prepare client libs regression tests for running in a concurrent, headless jtreg environment
cf0227
  - JDK-8129626: G1: set_in_progress() and clear_started() needs a barrier on non-TSO platforms
cf0227
  - JDK-8141457: keytool default cert fingerprint algorithm should be SHA-256
cf0227
  - JDK-8145051: Wrong parameter name in synthetic lambda method leads to verifier error
cf0227
  - JDK-8150204: (fs) Enhance java/nio/file/Files/probeContentType/Basic.java debugging output
cf0227
  - JDK-8158525: Update a few java/net tests to use the loopback address instead of the host address
cf0227
  - JDK-8160217: JavaSound should clean up resources better
cf0227
  - JDK-8167281: IIOMetadataNode bugs in getElementsByTagName and NodeList.item methods
cf0227
  - JDK-8168996: C2 crash at postaloc.cpp:140 : assert(false) failed: unexpected yanked node
cf0227
  - JDK-8171410: aarch64: long multiplyExact shifts by 31 instead of 63
cf0227
  - JDK-8172404: Tools should warn if weak algorithms are used before restricting them
cf0227
  - JDK-8185934: keytool shows "Signature algorithm: SHA1withECDSA, -1-bit key"
cf0227
  - JDK-8191915: JCK tests produce incorrect results with C2
cf0227
  - JDK-8198334: java/awt/FileDialog/8003399/bug8003399.java fails in headless mode
cf0227
  - JDK-8202343: Disable TLS 1.0 and 1.1
cf0227
  - JDK-8209333: Socket reset issue for TLS 1.3 socket close
cf0227
  - JDK-8211301: [macos] support full window content options
cf0227
  - JDK-8211339: NPE during SSL handshake caused by HostnameChecker
cf0227
  - JDK-8216987: ciMethodData::load_data() unpacks MDOs with non-atomic copy
cf0227
  - JDK-8217338: [Containers] Improve systemd slice memory limit support
cf0227
  - JDK-8219991: New fix of the deadlock in sun.security.ssl.SSLSocketImpl
cf0227
  - JDK-8221408: Windows 32bit build build errors/warnings in hotspot
cf0227
  - JDK-8223186: HotSpot compile warnings from GCC 9
cf0227
  - JDK-8225435: Upgrade IANA Language Subtag Registry to the latest for JDK14
cf0227
  - JDK-8225805: Java Access Bridge does not close the logger
cf0227
  - JDK-8226899: Problemlist compiler/rtm tests
cf0227
  - JDK-8227642: [TESTBUG] Make docker tests podman compatible
cf0227
  - JDK-8228434: jdk/net/Sockets/Test.java fails after JDK-8227642
cf0227
  - JDK-8229284: jdk/internal/platform/cgroup/TestCgroupMetrics.java fails for - memory:getMemoryUsage
cf0227
  - JDK-8230388: Problemlist additional compiler/rtm tests
cf0227
  - JDK-8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR
cf0227
  - JDK-8234727: sun/security/ssl/X509TrustManagerImpl tests support TLSv1.3
cf0227
  - JDK-8234728: Some security tests should support TLSv1.3
cf0227
  - JDK-8235263: Revert TLS 1.3 change that wrapped IOExceptions
cf0227
  - JDK-8235311: Tag mismatch may alert bad_record_mac
cf0227
  - JDK-8235874: The ordering of Cipher Suites is not maintained provided through jdk.tls.client.cipherSuites and jdk.tls.server.cipherSuites system property.
cf0227
  - JDK-8236500: Windows ucrt.dll should be looked up in versioned WINSDK subdirectory
cf0227
  - JDK-8238579: HttpsURLConnection drops the timeout and hangs forever in read
cf0227
  - JDK-8239091: Reversed arguments in call to strstr in freetype "debug" code.
cf0227
  - JDK-8240353: AArch64: missing support for -XX:+ExtendedDTraceProbes in C1
cf0227
  - JDK-8240827: Downport SSLSocketImpl.java from "8221882: Use fiber-friendly java.util.concurrent.locks in JSSE"
cf0227
  - JDK-8242141: New System Properties to configure the TLS signature schemes
cf0227
  - JDK-8244621: [macos10.15] Garbled FX printing plus CoreText warnings on Catalina when building with Xcode 11
cf0227
  - JDK-8248336: AArch64: C2: offset overflow in BoxLockNode::emit
cf0227
  - JDK-8249183: JVM crash in "AwtFrame::WmSize" method
cf0227
  - JDK-8249251: [dark_mode ubuntu 20.04] The selected menu is not highlighted in GTKLookAndFeel
cf0227
  - JDK-8249588: libwindowsaccessbridge issues on 64bit Windows
cf0227
  - JDK-8250582: Revert Principal Name type to NT-UNKNOWN when requesting TGS Kerberos tickets
cf0227
  - JDK-8250984: Memory Docker tests fail on some Linux kernels w/o cgroupv1 swap limit capabilities
cf0227
  - JDK-8251397: NPE on ClassValue.ClassValueMap.cacheArray
cf0227
  - JDK-8252470: java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java fails on Windows
cf0227
  - JDK-8253368: TLS connection always receives close_notify exception
cf0227
  - JDK-8253476: TestUseContainerSupport.java fails on some Linux kernels w/o swap limit capabilities
cf0227
  - JDK-8253932: SSL debug log prints incorrect caller info
cf0227
  - JDK-8254854: [cgroups v1] Metric limits not properly detected on some join controller combinations
cf0227
  - JDK-8255880: UI of Swing components is not redrawn after their internal state changed
cf0227
  - JDK-8255908: ExceptionInInitializerError due to UncheckedIOException while initializing cgroupv1 subsystem
cf0227
  - JDK-8255937: Better cleanup for test/jdk/javax/imageio/stream/StreamFlush.java
cf0227
  - JDK-8256421: Add 2 HARICA roots to cacerts truststore
cf0227
  - JDK-8256642: [TEST_BUG] jdk/test/javax/sound/midi/MidiSystem/DefaultProperties.java failed
cf0227
  - JDK-8258079: Eliminate ParNew's use of klass_or_null()
cf0227
  - JDK-8256682: JDK-8202343 is incomplete
cf0227
  - JDK-8257746: Regression introduced with JDK-8250984 - memory might be null in some machines
cf0227
  - JDK-8258241: [8u] Missing doPrivileged() hunks from JDK-8226575
cf0227
  - JDK-8258247: Couple of issues in fix for JDK-8249906
cf0227
  - JDK-8258396: SIGILL in jdk.jfr.internal.PlatformRecorder.rotateDisk()
cf0227
  - JDK-8258430: 8u backport of JDK-8063107 missing test/javax/swing/JRadioButton/8041561/bug8041561.java changes
cf0227
  - JDK-8258833: Cancel multi-part cipher operations in SunPKCS11 after failures
cf0227
  - JDK-8258933: G1 needs klass_or_null_acquire
cf0227
  - JDK-8259048: (tz) Upgrade time-zone data to tzdata2020f
cf0227
  - JDK-8259312: VerifyCACerts.java fails as soneraclass2ca cert will
cf0227
  - JDK-8259384: CUP version wrong in THIRD_PARTY_README after JDK-8233548
cf0227
  - JDK-8259428: AlgorithmId.getEncodedParams() should return copy
cf0227
  - JDK-8259568: PPC64 builds broken after JDK-8221408 8u backport
cf0227
  - JDK-8260349: Cannot programmatically retrieve Metaspace max set via JAVA_TOOL_OPTIONS
cf0227
  - JDK-8260356: (tz) Upgrade time-zone data to tzdata2021a
cf0227
  - JDK-8260930: AARCH64: Invalid value passed to critical JNI function
cf0227
  - JDK-8261183: Follow on to Make lists of normal filenames
cf0227
  - JDK-8261231: Windows IME was disabled after DnD operation
cf0227
  - JDK-8261766: [8u] hotspot needs to recognise cl.exe 19.16 to build with VS2017
cf0227
  - JDK-8262073: assert(allocates2(pc)) failed: not in CodeBuffer memory
cf0227
  - JDK-8262075: sun/security/krb5/auto/UseCacheAndStoreKey.java timed out intermittently
cf0227
  - JDK-8263008: AARCH64: Add debug info for libsaproc.so
cf0227
  - JDK-8264171: Missing aarch64 parts of JDK-8236179 (C1 register allocation failure with T_ADDRESS)
cf0227
* Shenandoah
cf0227
  - Normalise whitespace in AArch64 sources prior to merge of upstreamed version in 8u292-b01.
cf0227
  - Revert differences against upstream 8u
cf0227
  - [backport] 8202976: Add C1 lea patching support for x86
cf0227
  - [backport] 8221507: Implement JFR Events for Shenandoah
cf0227
  - [backport] 8224573: Fix windows build after JDK-8221507
cf0227
  - [backport] 8228369: Shenandoah: Refactor LRB C1 stubs
cf0227
  - [backport] 8229474: Shenandoah: Cleanup CM::update_roots()
cf0227
  - [backport] 8229709: x86_32 build and test failures after JDK-8228369 (Shenandoah: Refactor LRB C1 stubs)
cf0227
  - [backport] 8231087: Shenandoah: Self-fixing load reference barriers for C1/C2
cf0227
  - [backport] 8232747: Shenandoah: Concurrent GC should deactivate SATB before processing weak roots
cf0227
  - [backport] 8232992: Shenandoah: Implement self-fixing interpreter LRB
cf0227
  - [backport] 8233021: Shenandoah: SBSC2::is_shenandoah_lrb_call should match all LRB shapes
cf0227
  - [backport] 8233165: Shenandoah:SBSA::gen_load_reference_barrier_stub() should use pointer register for address on aarch64
cf0227
  - [backport] 8233574: Shenandoah: build is broken without jfr
cf0227
  - [backport] 8237837: Shenandoah: assert(mem == __null) failed: only one safepoint
cf0227
  - [backport] 8238153: CTW: C2 (Shenandoah) compilation fails with "Unknown node in get_load_addr: CreateEx"
cf0227
  - [backport] 8238851: Shenandoah: C1: Resolve into registers of correct type
cf0227
  - [backport] 8240315: Shenandoah: Rename ShLBN::get_barrier_strength()
cf0227
  - [backport] 8240751: Shenandoah: fold ShenandoahTracer definition
cf0227
  - [backport] 8241765: Shenandoah: AARCH64 need to save/restore call clobbered registers before calling keepalive barrier
cf0227
  - [backport] 8244510: Shenandoah: invert SHC2Support::is_in_cset condition
cf0227
  - [backport] 8244663: Shenandoah: C2 assertion fails in Matcher::collect_null_checks
cf0227
  - [backport] 8244721: CTW: C2 (Shenandoah) compilation fails with "unexpected infinite loop graph shape"
cf0227
  - [backport] 8251451: Shenandoah: Remark ObjectSynchronizer roots with I-U
cf0227
  - [backport] 8252660: Shenandoah: support manageable SoftMaxHeapSize option
cf0227
  - [backport] 8253224: Shenandoah: ShenandoahStrDedupQueue destructor calls virtual num_queues()
cf0227
  - [backport] 8253778: ShenandoahSafepoint::is_at_shenandoah_safepoint should not access VMThread state from other threads
cf0227
  - [backport] 8255457: Shenandoah: cleanup ShenandoahMarkTask
cf0227
  - [backport] 8255760: Shenandoah: match constants style in ShenandoahMarkTask fallback
cf0227
  - [backport] 8256806: Shenandoah: optimize shenandoah/jni/TestPinnedGarbage.java test
cf0227
  - [backport] 8257641: Shenandoah: Query is_at_shenandoah_safepoint() from control thread should return false
cf0227
  - Fix register allocation for thread register is 32bit LRB
cf0227
  - Fix Shenandoah bindings in ADLC formssel
cf0227
  - Shenandoah: Backed out weak roots cleaning during full gc
cf0227
cf0227
Notes on individual issues:
cf0227
===========================
cf0227
cf0227
security-libs/java.security:
cf0227
cf0227
JDK-8260597: Added 2 HARICA Root CA Certificates
cf0227
================================================
cf0227
cf0227
The following root certificates have been added to the cacerts truststore:
cf0227
cf0227
Alias Name: haricarootca2015
cf0227
Distinguished Name: CN=Hellenic Academic and Research Institutions RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR
cf0227
cf0227
Alias Name: haricaeccrootca2015
cf0227
Distinguished Name: CN=Hellenic Academic and Research Institutions ECC RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR
cf0227
cf0227
JDK-8236730: Weak Named Curves in TLS, CertPath, and Signed JAR Disabled by Default
cf0227
===================================================================================
cf0227
Weak named curves are disabled by default by adding them to the
cf0227
following `disabledAlgorithms` security properties:
cf0227
cf0227
* jdk.tls.disabledAlgorithms
cf0227
* jdk.certpath.disabledAlgorithms
cf0227
* jdk.jar.disabledAlgorithms
cf0227
cf0227
Red Hat has always disabled many of the curves provided by upstream,
cf0227
so the only addition in this release is:
cf0227
cf0227
* secp256k1
cf0227
cf0227
The curves that remain enabled are:
cf0227
cf0227
* secp256r1
cf0227
* secp384r1
cf0227
* secp521r1
cf0227
* X25519
cf0227
* X448
cf0227
cf0227
When large numbers of weak named curves need to be disabled, adding
cf0227
individual named curves to each `disabledAlgorithms` property would be
cf0227
overwhelming. To relieve this, a new security property,
cf0227
`jdk.disabled.namedCurves`, is implemented that can list the named
cf0227
curves common to all of the `disabledAlgorithms` properties. To use
cf0227
the new property in the `disabledAlgorithms` properties, precede the
cf0227
full property name with the keyword `include`.  Users can still add
cf0227
individual named curves to `disabledAlgorithms` properties separate
cf0227
from this new property.  No other properties can be included in the
cf0227
`disabledAlgorithms` properties.
cf0227
cf0227
To restore the named curves, remove the `include
cf0227
jdk.disabled.namedCurves` either from specific or from all
cf0227
`disabledAlgorithms` security properties. To restore one or more
cf0227
curves, remove the specific named curve(s) from the
cf0227
`jdk.disabled.namedCurves` property.
cf0227
cf0227
JDK-8244286: Tools Warn If Weak Algorithms Are Used
cf0227
===================================================
cf0227
The `keytool` and `jarsigner` tools have been updated to warn users
cf0227
when weak cryptographic algorithms are used in keys, certificates, and
cf0227
signed JARs before they are disabled. The weak algorithms are set in
cf0227
the `jdk.security.legacyAlgorithms` security property in the
cf0227
`java.security` configuration file. In this release, the tools issue
cf0227
warnings for the SHA-1 hash algorithm and 1024-bit RSA/DSA keys.
cf0227
cf0227
security-libs/javax.net.ssl:
cf0227
cf0227
JDK-8256490: Disable TLS 1.0 and 1.1
cf0227
====================================
cf0227
TLS 1.0 and 1.1 are versions of the TLS protocol that are no longer
cf0227
considered secure and have been superseded by more secure and modern
cf0227
versions (TLS 1.2 and 1.3).
cf0227
cf0227
These versions have now been disabled by default. If you encounter
cf0227
issues, you can, at your own risk, re-enable the versions by removing
cf0227
"TLSv1" and/or "TLSv1.1" from the `jdk.tls.disabledAlgorithms`
cf0227
security property in the `java.security` configuration file.
cf0227
cf0227
JDK-8242147: New System Properties to Configure the TLS Signature Schemes
cf0227
=========================================================================
cf0227
Two new system properties have been added to customize the TLS
cf0227
signature schemes in JDK. `jdk.tls.client.SignatureSchemes` has been
cf0227
added for the TLS client side, and `jdk.tls.server.SignatureSchemes`
cf0227
has been added for the server side.
cf0227
cf0227
Each system property contains a comma-separated list of supported
cf0227
signature scheme names specifying the signature schemes that could be
cf0227
used for the TLS connections.
cf0227
cf0227
The names are described in the "Signature Schemes" section of the
cf0227
*Java Security Standard Algorithm Names Specification*.
cf0227
cf0227
tools/javac:
cf0227
cf0227
JDK-8177368: Several incorporation steps are silently failing when an error should be reported
cf0227
==============================================================================================
cf0227
Reporting previously silent errors found during incorporation, JLS
cf0227
8ยง18.3, was supposed to be a clean-up with performance only
cf0227
implications. But consider the test case:
cf0227
cf0227
import java.util.Arrays;
cf0227
import java.util.List;
cf0227
cf0227
class Klass {
cf0227
  public static  List<List<A>> foo(List... lists) {
cf0227
    return foo(Arrays.asList(lists));
cf0227
    }
cf0227
cf0227
  public static  List<List<B>> foo(List> lists) {
cf0227
    return null;
cf0227
  }
cf0227
}
cf0227
cf0227
This code was not accepted before the patch for [1], but after this
cf0227
patch the compiler is accepting it. Accepting this code is the right
cf0227
behavior as not reporting incorporation errors was a bug in the
cf0227
compiler.  While determining the applicability of method: 
cf0227
List<List<B>> foo(List> lists) for which
cf0227
we have the constraints: b <: Object t <: List t<:Object
cf0227
List <: t first, inference variable b is selected for
cf0227
instantiation: b = CAP1 of ? extends A so this implies that: t <:
cf0227
List t<: Object List <: t
cf0227
cf0227
Now all the bounds are checked for consistency. While checking if
cf0227
List is a subtype of List
cf0227
a bound error is reported. Before the compiler was just swallowing
cf0227
it. As now the error is reported while inference variable b is being
cf0227
instantiated, the bound set is rolled back to it's initial state, 'b'
cf0227
is instantiated to Object, and with this instantiation the constraint
cf0227
set is solvable, the method is applicable, it's the only applicable
cf0227
one and the code is accepted as correct. The compiler behavior in this
cf0227
case is defined at JLS 8 ยง18.4
cf0227
cf0227
This fix has source compatibility impact, right now code that wasn't
cf0227
being accepted is now being accepted by the javac compiler. Currently
cf0227
there are no reports of any other kind of incompatibility.
cf0227
cf0227
[1] https://bugs.openjdk.java.net/browse/JDK-8078024
cf0227
b44ac0
New in release OpenJDK 8u282 (2021-01-19):
b44ac0
===========================================
b44ac0
Live versions of these release notes can be found at:
b44ac0
  * https://bitly.com/openjdk8u282
b44ac0
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u282.txt
b44ac0
b44ac0
* Security fixes
b44ac0
  - JDK-8247619: Improve Direct Buffering of Characters
b44ac0
* Other changes
b44ac0
  - JDK-6962725: Regtest javax/swing/JFileChooser/6738668/bug6738668.java fails under Linux
b44ac0
  - JDK-8008657: JSpinner setComponentOrientation doesn't affect on text orientation
b44ac0
  - JDK-8022535: [TEST BUG] javax/swing/text/html/parser/Test8017492.java fails
b44ac0
  - JDK-8025936: Windows .pdb and .map files does not have proper dependencies setup
b44ac0
  - JDK-8030350: Enable additional compiler warnings for GCC
b44ac0
  - JDK-8031423: Test java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java fails by Timeout on Windows
b44ac0
  - JDK-8036122: Fix warning 'format not a string literal'
b44ac0
  - JDK-8039279: Move awt tests to openjdk repository
b44ac0
  - JDK-8041592: [TEST_BUG] Move 42 AWT hw/lw mixing tests to jdk
b44ac0
  - JDK-8043126: move awt automated functional tests from AWT_Events/Lw and AWT_Events/AWT to OpenJDK repository
b44ac0
  - JDK-8043131: Move ShapedAndTranslucentWindows and GC functional AWT tests to regression tree
b44ac0
  - JDK-8043899: compiler/5091921/Test7005594.java fails if specified -Xmx is less than 1600m
b44ac0
  - JDK-8044157: [TEST_BUG] Improve recently submitted AWT_Mixing tests
b44ac0
  - JDK-8044172: [TEST_BUG] Move regtests for 4523758 and AltPlusNumberKeyCombinationsTest to jdk
b44ac0
  - JDK-8044429: move awt automated tests for AWT_Modality to OpenJDK repository
b44ac0
  - JDK-8044765: Move functional tests AWT_SystemTray/Automated to openjdk repository
b44ac0
  - JDK-8046221: [TEST_BUG] Cleanup datatransfer tests
b44ac0
  - JDK-8047180: Move functional tests AWT_Headless/Automated to OpenJDK repository
b44ac0
  - JDK-8047367: move awt automated tests from AWT_Modality to OpenJDK repository - part 2
b44ac0
  - JDK-8048246: Move AWT_DnD/Clipboard/Automated functional tests to OpenJDK
b44ac0
  - JDK-8049617: move awt automated tests from AWT_Modality to OpenJDK repository - part 3
b44ac0
  - JDK-8049694: Migrate functional AWT_DesktopProperties/Automated tests to OpenJDK
b44ac0
  - JDK-8050885: move awt automated tests from AWT_Modality to OpenJDK repository - part 4
b44ac0
  - JDK-8051440: move tests about maximizing undecorated to OpenJDK
b44ac0
  - JDK-8051853: new URI("x/").resolve("..").getSchemeSpecificPart() returns null!
b44ac0
  - JDK-8052012: move awt automated tests from AWT_Modality to OpenJDK repository - part 5
b44ac0
  - JDK-8052408: Move AWT_BAT functional tests to OpenJDK (3 of 3)
b44ac0
  - JDK-8053657: [TEST_BUG] move some 5 tests related to undecorated Frame/JFrame to JDK
b44ac0
  - JDK-8054143: move awt automated tests from AWT_Modality to OpenJDK repository - part 6
b44ac0
  - JDK-8054358: move awt automated tests from AWT_Modality to OpenJDK repository - part 7
b44ac0
  - JDK-8054359: move awt automated tests from AWT_Modality to OpenJDK repository - part 8
b44ac0
  - JDK-8055360: Move the rest part of AWT ShapedAndTranslucent tests to OpenJDK
b44ac0
  - JDK-8055664: move 14 tests about setLocationRelativeTo to jdk
b44ac0
  - JDK-8055836: move awt tests from AWT_Modality to OpenJDK repository - part 9
b44ac0
  - JDK-8057694: move awt tests from AWT_Modality to OpenJDK repository - part 10
b44ac0
  - JDK-8058805: [TEST_BUG]Test java/awt/TrayIcon/SecurityCheck/NoPermissionTest/NoPermissionTest.java fails
b44ac0
  - JDK-8062808: Turn on the -Wreturn-type warning
b44ac0
  - JDK-8063102: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 1
b44ac0
  - JDK-8063104: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 2
b44ac0
  - JDK-8063106: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 1
b44ac0
  - JDK-8063107: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 2
b44ac0
  - JDK-8064573: [TEST_BUG] javax/swing/text/AbstractDocument/6968363/Test6968363.java is asocial pressing VK_LEFT and not releasing
b44ac0
  - JDK-8064575: [TEST_BUG] javax/swing/JEditorPane/6917744/bug6917744.java 100 times press keys and never releases
b44ac0
  - JDK-8064809: [TEST_BUG] javax/swing/JComboBox/4199622/bug4199622.java contains a lot of keyPress and not a single keyRelease
b44ac0
  - JDK-8067441: Some tests fails with error: cannot find symbol getSystemMnemonicKeyCodes()
b44ac0
  - JDK-8068228: Test closed/java/awt/Mouse/MaximizedFrameTest/MaximizedFrameTest fails with GTKLookAndFeel
b44ac0
  - JDK-8068275: Some tests failed after JDK-8063104
b44ac0
  - JDK-8069211: (zipfs) ZipFileSystem creates corrupted zip if entry output stream gets closed more than once
b44ac0
  - JDK-8074807: Fix some tests unnecessary using internal API
b44ac0
  - JDK-8076315: move 4 manual functional swing tests to regression suite
b44ac0
  - JDK-8130772: Util.hitMnemonics does not work: getSystemMnemonicKeyCodes() returns ALT_MASK rather than VK_ALT
b44ac0
  - JDK-8132664: closed/javax/swing/DataTransfer/DefaultNoDrop/DefaultNoDrop.java locks on Windows
b44ac0
  - JDK-8134632: Mark javax/sound/midi/Devices/InitializationHang.java as headful
b44ac0
  - JDK-8148854: Class names "SomeClass" and "LSomeClass;" treated by JVM as an equivalent
b44ac0
  - JDK-8148916: Mark bug6400879.java as intermittently failing
b44ac0
  - JDK-8148983: Fix extra comma in changes for JDK-8148916
b44ac0
  - JDK-8152545: Use preprocessor instead of compiling a program to generate native nio constants
b44ac0
  - JDK-8156803: Turn StressLCM/StressGCM flags to diagnostic
b44ac0
  - JDK-8160438: javax/swing/plaf/nimbus/8057791/bug8057791.java fails
b44ac0
  - JDK-8160761: [TESTBUG] Several compiler tests fail with product bits
b44ac0
  - JDK-8163161: [PIT][TEST_BUG] increase timeout in javax/swing/plaf/nimbus/8057791/bug8057791.java
b44ac0
  - JDK-8165808: Add release barriers when allocating objects with concurrent collection
b44ac0
  - JDK-8166015: [PIT][TEST_BUG] stray character in java/awt/Focus/ModalDialogActivationTest/ModalDialogActivationTest.java
b44ac0
  - JDK-8166583: Add oopDesc::klass_or_null_acquire()
b44ac0
  - JDK-8166663: Simplify oops_on_card_seq_iterate_careful
b44ac0
  - JDK-8166862: CMS needs klass_or_null_acquire
b44ac0
  - JDK-8168292: [TESTBUG] [macosx] Test java/awt/TrayIcon/DragEventSource/DragEventSource.java fails on OS X
b44ac0
  - JDK-8168682: jdk/test/java/lang/ClassLoader/forNameLeak/ClassForNameLeak.java fails with -Xcomp
b44ac0
  - JDK-8179083: Uninitialized notifier in Java Monitor Wait tracing event
b44ac0
  - JDK-8185003: JMX: Add a version of ThreadMXBean.dumpAllThreads with a maxDepth argument
b44ac0
  - JDK-8197981: Missing return statement in __sync_val_compare_and_swap_8
b44ac0
  - JDK-8202076: test/jdk/java/io/File/WinSpecialFiles.java on windows with VS2017
b44ac0
  - JDK-8205507: jdk/javax/xml/crypto/dsig/GenerationTests.java timed out
b44ac0
  - JDK-8207766: [testbug] Adapt tests for Aix.
b44ac0
  - JDK-8212070: Introduce diagnostic flag to abort VM on failed JIT compilation
b44ac0
  - JDK-8213448: [TESTBUG] enhance jfr/jvm/TestDumpOnCrash
b44ac0
  - JDK-8215727: Restore JFR thread sampler loop to old / previous behavior
b44ac0
  - JDK-8217362: Emergency dump does not work when disk=false is set
b44ac0
  - JDK-8217766: Container Support doesn't work for some Join Controllers combinations
b44ac0
  - JDK-8219013: Update Apache Santuario (XML Signature) to version 2.1.3
b44ac0
  - JDK-8219562: Line of code in osContainer_linux.cpp L102 appears unreachable
b44ac0
  - JDK-8220579: [Containers] SubSystem.java out of sync with osContainer_linux.cpp
b44ac0
  - JDK-8220657: JFR.dump does not work when filename is set
b44ac0
  - JDK-8221340: [TESTBUG] TestCgroupMetrics.java fails after fix for JDK-8219562
b44ac0
  - JDK-8221342: [TESTBUG] Generate Dockerfile for docker testing
b44ac0
  - JDK-8221710: [TESTBUG] more configurable parameters for docker testing
b44ac0
  - JDK-8223108: Test java/awt/EventQueue/NonComponentSourcePost.java is unstable
b44ac0
  - JDK-8224502: [TESTBUG] JDK docker test TestSystemMetrics.java fails with access issues and OOM
b44ac0
  - JDK-8225072: Add LuxTrust certificate that is expiring in March 2021 to list of allowed but expired certs
b44ac0
  - JDK-8227006: [linux] Runtime.availableProcessors execution time increased by factor of 100
b44ac0
  - JDK-8229868: Update Apache Santuario TPRM version
b44ac0
  - JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes() can be quicker for self thread
b44ac0
  - JDK-8231968: getCurrentThreadAllocatedBytes default implementation s/b getThreadAllocatedBytes
b44ac0
  - JDK-8232114: JVM crashed at imjpapi.dll in native code
b44ac0
  - JDK-8233548: Update CUP to v0.11b
b44ac0
  - JDK-8234270: [REDO] JDK-8204128 NMT might report incorrect numbers for Compiler area
b44ac0
  - JDK-8234339: replace JLI_StrTok in java_md_solinux.c
b44ac0
  - JDK-8238448: RSASSA-PSS signature verification fail when using certain odd key sizes
b44ac0
  - JDK-8239105: Add exception for expiring Digicert root certificates to VerifyCACerts test
b44ac0
  - JDK-8242335: Additional Tests for RSASSA-PSS
b44ac0
  - JDK-8242480: Negative value may be returned by getFreeSwapSpaceSize() in the docker
b44ac0
  - JDK-8244225: stringop-overflow warning on strncpy call from compile_the_world_in
b44ac0
  - JDK-8245400: Upgrade to LittleCMS 2.11
b44ac0
  - JDK-8246648: issue with OperatingSystemImpl getFreeSwapSpaceSize in docker after 8242480
b44ac0
  - JDK-8248214: Add paddings for TaskQueueSuper to reduce false-sharing cache contention
b44ac0
  - JDK-8249176: Update GlobalSignR6CA test certificates
b44ac0
  - JDK-8249846: Change of behavior after JDK-8237117: Better ForkJoinPool behavior
b44ac0
  - JDK-8250636: iso8601_time returns incorrect offset part on MacOS
b44ac0
  - JDK-8250665: Wrong translation for the month name of May in ar_JO,LB,SY
b44ac0
  - JDK-8250928: JFR: Improve hash algorithm for stack traces
b44ac0
  - JDK-8251365: Build failure on AIX after 8250636
b44ac0
  - JDK-8251469: Better cleanup for test/jdk/javax/imageio/SetOutput.java
b44ac0
  - JDK-8251840: Java_sun_awt_X11_XToolkit_getDefaultScreenData should not be in make/mapfiles/libawt_xawt/mapfile-vers
b44ac0
  - JDK-8252384: [TESTBUG] Some tests refer to COMPAT provider rather than JRE
b44ac0
  - JDK-8252395: [8u] --with-native-debug-symbols=external doesn't include debuginfo files for binaries
b44ac0
  - JDK-8252497: Incorrect numeric currency code for ROL
b44ac0
  - JDK-8252754: Hash code calculation of JfrStackTrace is inconsistent
b44ac0
  - JDK-8252904: VM crashes when JFR is used and JFR event class is transformed
b44ac0
  - JDK-8252975: [8u] JDK-8252395 breaks the build for --with-native-debug-symbols=internal
b44ac0
  - JDK-8253036: Support building the Zero assembler port on AArch64
b44ac0
  - JDK-8253284: Zero OrderAccess barrier mappings are incorrect
b44ac0
  - JDK-8253550: [8u] JDK-8252395 breaks the build for make STRIP_POLICY=no_strip
b44ac0
  - JDK-8253752: test/sun/management/jmxremote/bootstrap/RmiBootstrapTest.java fails randomly
b44ac0
  - JDK-8253837: JFR 8u fix symbol and cstring hashtable equals implementaion
b44ac0
  - JDK-8254081: java/security/cert/PolicyNode/GetPolicyQualifiers.java fails due to an expired certificate
b44ac0
  - JDK-8254144: Non-x86 Zero builds fail with return-type warning in os_linux_zero.cpp
b44ac0
  - JDK-8254166: Zero: return-type warning in zeroInterpreter_zero.cpp
b44ac0
  - JDK-8254683: [TEST_BUG] jdk/test/sun/tools/jconsole/WorkerDeadlockTest.java fails
b44ac0
  - JDK-8254982: (tz) Upgrade time-zone data to tzdata2020c
b44ac0
  - JDK-8255003: Build failures on Solaris
b44ac0
  - JDK-8255226: (tz) Upgrade time-zone data to tzdata2020d
b44ac0
  - JDK-8255269: Unsigned overflow in g1Policy.cpp
b44ac0
  - JDK-8255603: Memory/Performance regression after JDK-8210985
b44ac0
  - JDK-8255717: Fix JFR crash in WriteObjectSampleStacktrace due to object not initialized
b44ac0
  - JDK-8256618: Zero: Linux x86_32 build still fails
b44ac0
  - JDK-8256671: Incorrect assignment operator used in guarantee() in genCollectedHeap
b44ac0
  - JDK-8256752: 8252395 incorrect copy rule for macos .dSYM folder
b44ac0
  - JDK-8257397: [TESTBUG] test/lib/containers/docker/Common.java refers to -Xlog:os+container=trace
b44ac0
  - JDK-8258630: Add expiry exception for QuoVadis root certificate
b44ac0
* AArch64 port
b44ac0
  - Fix AArch64 build failure after JDK-8062808 backport
b44ac0
* Shenandoah
b44ac0
  - Fix racy update of code roots
b44ac0
b44ac0
Notes on individual issues:
b44ac0
===========================
b44ac0
b44ac0
security-libs/javax.xml.crypto:
b44ac0
b44ac0
JDK-8230839: Updated XML Signature Implementation to Apache Santuario 2.1.3
b44ac0
===========================================================================
b44ac0
The XML Signature implementation in the `java.xml.crypto` module has
b44ac0
been updated to version 2.1.3 of Apache Santuario. New features
b44ac0
include:
b44ac0
b44ac0
* Added support for embedding elliptic curve public keys in the
b44ac0
  KeyValue element
b44ac0
b44ac0
New in release OpenJDK 8u275 (2020-11-05):
b44ac0
===========================================
b44ac0
Live versions of these release notes can be found at:
b44ac0
  * https://bitly.com/openjdk8u275
b44ac0
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u275.txt
b44ac0
b44ac0
* Regression fixes
b44ac0
  - JDK-8214440: ldap over a TLS connection negotiate failed with "javax.net.ssl.SSLPeerUnverifiedException: hostname of the server '' does not match the hostname in the server's certificate"
b44ac0
  - JDK-8223940: Private key not supported by chosen signature algorithm
b44ac0
  - JDK-8236512: PKCS11 Connection closed after Cipher.doFinal and NoPadding
b44ac0
  - JDK-8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)
b44ac0
b44ac0
New in release OpenJDK 8u272 (2020-10-20):
b44ac0
===========================================
b44ac0
Live versions of these release notes can be found at:
b44ac0
  * https://bitly.com/openjdk8u272
b44ac0
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u272.txt
b44ac0
b44ac0
* New features
b44ac0
  - JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7
b44ac0
* Security fixes
b44ac0
  - JDK-8233624: Enhance JNI linkage
b44ac0
  - JDK-8236196: Improve string pooling
b44ac0
  - JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
b44ac0
  - JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts
b44ac0
  - JDK-8237995, CVE-2020-14782: Enhance certificate processing
b44ac0
  - JDK-8240124: Better VM Interning
b44ac0
  - JDK-8241114, CVE-2020-14792: Better range handling
b44ac0
  - JDK-8242680, CVE-2020-14796: Improved URI Support
b44ac0
  - JDK-8242685, CVE-2020-14797: Better Path Validation
b44ac0
  - JDK-8242695, CVE-2020-14798: Enhanced buffer support
b44ac0
  - JDK-8243302: Advanced class supports
b44ac0
  - JDK-8244136, CVE-2020-14803: Improved Buffer supports
b44ac0
  - JDK-8244479: Further constrain certificates
b44ac0
  - JDK-8244955: Additional Fix for JDK-8240124
b44ac0
  - JDK-8245407: Enhance zoning of times
b44ac0
  - JDK-8245412: Better class definitions
b44ac0
  - JDK-8245417: Improve certificate chain handling
b44ac0
  - JDK-8248574: Improve jpeg processing
b44ac0
  - JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit
b44ac0
  - JDK-8253019: Enhanced JPEG decoding
b44ac0
* Other changes
b44ac0
  - JDK-6574989: TEST_BUG: javax/sound/sampled/Clip/bug5070081.java fails sometimes
b44ac0
  - JDK-8006205: [TESTBUG] NEED_TEST: please JTREGIFY test/compiler/7177917/Test7177917.java
b44ac0
  - JDK-8023697: failed class resolution reports different class name in detail message for the first and subsequent times
b44ac0
  - JDK-8025886: replace [[ and == bash extensions in regtest
b44ac0
  - JDK-8026236: Add PrimeTest for BigInteger
b44ac0
  - JDK-8031625: javadoc problems referencing inner class constructors
b44ac0
  - JDK-8035493: JVMTI PopFrame capability must instruct compilers not to prune locals
b44ac0
  - JDK-8036088: Replace strtok() with its safe equivalent strtok_s() in DefaultProxySelector.c
b44ac0
  - JDK-8039082: [TEST_BUG] Test java/awt/dnd/BadSerializationTest/BadSerializationTest.java fails
b44ac0
  - JDK-8046274: Removing dependency on jakarta-regexp
b44ac0
  - JDK-8048933: -XX:+TraceExceptions output should include the message
b44ac0
  - JDK-8057003: Large reference arrays cause extremely long synchronization times
b44ac0
  - JDK-8060721: Test runtime/SharedArchiveFile/LimitSharedSizes.java fails in jdk 9 fcs new platforms/compiler
b44ac0
  - JDK-8061616: HotspotDiagnosticMXBean.getVMOption() throws IllegalArgumentException for flags of type double
b44ac0
  - JDK-8062947: Fix exception message to correctly represent LDAP connection failure
b44ac0
  - JDK-8064319: Need to enable -XX:+TraceExceptions in release builds
b44ac0
  - JDK-8075774: Small readability and performance improvements for zipfs
b44ac0
  - JDK-8076151: [TESTBUG] Test java/awt/FontClass/CreateFont/fileaccess/FontFile.java fails
b44ac0
  - JDK-8078334: Mark regression tests using randomness
b44ac0
  - JDK-8078880: Mark a few more intermittently failuring security-libs
b44ac0
  - JDK-8080462: Update SunPKCS11 provider with PKCS11 v2.40 support
b44ac0
  - JDK-8132206: move ScanTest.java into OpenJDK
b44ac0
  - JDK-8132376: Add @requires os.family to the client tests with access to internal OS-specific API
b44ac0
  - JDK-8132745: minor cleanup of java/util/Scanner/ScanTest.java
b44ac0
  - JDK-8137087: [TEST_BUG] Cygwin failure of java/awt/appletviewer/IOExceptionIfEncodedURLTest/IOExceptionIfEncodedURLTest.sh
b44ac0
  - JDK-8144539: Update PKCS11 tests to run with security manager
b44ac0
  - JDK-8145808: java/awt/Graphics2D/MTGraphicsAccessTest/MTGraphicsAccessTest.java hangs on Win. 8
b44ac0
  - JDK-8148754: C2 loop unrolling fails due to unexpected graph shape
b44ac0
  - JDK-8148854: Class names "SomeClass" and "LSomeClass;" treated by JVM as an equivalent
b44ac0
  - JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect
b44ac0
  - JDK-8151788: NullPointerException from ntlm.Client.type3
b44ac0
  - JDK-8151834: Test SmallPrimeExponentP.java times out intermittently
b44ac0
  - JDK-8152077: (cal) Calendar.roll does not always roll the hours during daylight savings
b44ac0
  - JDK-8153430: jdk regression test MletParserLocaleTest, ParserInfiniteLoopTest reduce default timeout
b44ac0
  - JDK-8153583: Make OutputAnalyzer.reportDiagnosticSummary public
b44ac0
  - JDK-8154313: Generated javadoc scattered all over the place
b44ac0
  - JDK-8156169: Some sound tests rarely hangs because of incorrect synchronization
b44ac0
  - JDK-8160768: Add capability to custom resolve host/domain names within the default JNDI LDAP provider
b44ac0
  - JDK-8161973: PKIXRevocationChecker.getSoftFailExceptions() not working
b44ac0
  - JDK-8163251: Hard coded loop limit prevents reading of smart card data greater than 8k
b44ac0
  - JDK-8165936: Potential Heap buffer overflow when seaching timezone info files
b44ac0
  - JDK-8165996: PKCS11 using NSS throws an error regarding secmod.db when NSS uses sqlite
b44ac0
  - JDK-8166148: Fix for JDK-8165936 broke solaris builds
b44ac0
  - JDK-8167300: Scheduling failures during gcm should be fatal
b44ac0
  - JDK-8167615: Opensource unit/regression tests for JavaSound
b44ac0
  - JDK-8168517: java/lang/ProcessBuilder/Basic.java failed
b44ac0
  - JDK-8169925: PKCS #11 Cryptographic Token Interface license
b44ac0
  - JDK-8172012: [TEST_BUG] delays needed in javax/swing/JTree/4633594/bug4633594.java
b44ac0
  - JDK-8173300: [TESTBUG]compiler/tiered/NonTieredLevelsTest.java fails with compiler.whitebox.SimpleTestCaseHelper(int) must be compiled
b44ac0
  - JDK-8177334: Update xmldsig implementation to Apache Santuario 2.1.1
b44ac0
  - JDK-8177628: Opensource unit/regression tests for ImageIO
b44ac0
  - JDK-8183341: Better cleanup for javax/imageio/AllowSearch.java
b44ac0
  - JDK-8183349: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java and WriteAfterAbort.java
b44ac0
  - JDK-8183351: Better cleanup for jdk/test/javax/imageio/spi/AppletContextTest/BadPluginConfigurationTest.sh
b44ac0
  - JDK-8184762: ZapStackSegments should use optimized memset
b44ac0
  - JDK-8191678: [TESTBUG] Add keyword headful in java/awt FocusTransitionTest test.
b44ac0
  - JDK-8192953: sun/management/jmxremote/bootstrap/*.sh tests fail with error : revokeall.exe: Permission denied
b44ac0
  - JDK-8193137: Nashorn crashes when given an empty script file
b44ac0
  - JDK-8193234: When using -Xcheck:jni an internally allocated buffer can leak
b44ac0
  - JDK-8194298: Add support for per Socket configuration of TCP keepalive
b44ac0
  - JDK-8198004: javax/swing/JFileChooser/6868611/bug6868611.java throws error
b44ac0
  - JDK-8200313: java/awt/Gtk/GtkVersionTest/GtkVersionTest.java fails
b44ac0
  - JDK-8201633: Problems with AES-GCM native acceleration
b44ac0
  - JDK-8203357: Container Metrics
b44ac0
  - JDK-8209113: Use WeakReference for lastFontStrike for created Fonts
b44ac0
  - JDK-8210147: adjust some WSAGetLastError usages in windows network coding
b44ac0
  - JDK-8211049: Second parameter of "initialize" method is not used
b44ac0
  - JDK-8211163: UNIX version of Java_java_io_Console_echo does not return a clean boolean
b44ac0
  - JDK-8211714: Need to update vm_version.cpp to recognise VS2017 minor versions
b44ac0
  - JDK-8214862: assert(proj != __null) at compile.cpp:3251
b44ac0
  - JDK-8216283: Allow shorter method sampling interval than 10 ms
b44ac0
  - JDK-8217606: LdapContext#reconnect always opens a new connection
b44ac0
  - JDK-8217647: JFR: recordings on 32-bit systems unreadable
b44ac0
  - JDK-8217878: ENVELOPING XML signature no longer works in JDK 11
b44ac0
  - JDK-8218629: XML Digital Signature throws NAMESPACE_ERR exception on OpenJDK 11, works 8/9/10
b44ac0
  - JDK-8219566: JFR did not collect call stacks when MaxJavaStackTraceDepth is set to zero
b44ac0
  - JDK-8219919: RuntimeStub name lost with PrintFrameConverterAssembly
b44ac0
  - JDK-8220165: Encryption using GCM results in RuntimeException- input length out of bound
b44ac0
  - JDK-8220313: [TESTBUG] Update base image for Docker testing to OL 7.6
b44ac0
  - JDK-8220555: JFR tool shows potentially misleading message when it cannot access a file
b44ac0
  - JDK-8220674: [TESTBUG] MetricsMemoryTester failcount test in docker container only works with debug JVMs
b44ac0
  - JDK-8221569: JFR tool produces incorrect output when both --categories and --events are specified
b44ac0
  - JDK-8222079: Don't use memset to initialize fields decode_env constructor in disassembler.cpp
b44ac0
  - JDK-8224217: RecordingInfo should use textual representation of path
b44ac0
  - JDK-8225695: 32-bit build failures after JDK-8080462 (Update SunPKCS11 provider with PKCS11 v2.40 support)
b44ac0
  - JDK-8226575: OperatingSystemMXBean should be made container aware
b44ac0
  - JDK-8226697: Several tests which need the @key headful keyword are missing it.
b44ac0
  - JDK-8226809: Circular reference in printed stack trace is not correctly indented & ambiguous
b44ac0
  - JDK-8228835: Memory leak in PKCS11 provider when using AES GCM
b44ac0
  - JDK-8229378: jdwp library loader in linker_md.c quietly truncates on buffer overflow
b44ac0
  - JDK-8230303: JDB hangs when running monitor command
b44ac0
  - JDK-8230711: ConnectionGraph::unique_java_object(Node* N) return NULL if n is not in the CG
b44ac0
  - JDK-8231213: Migrate SimpleDateFormatConstTest to JDK Repo
b44ac0
  - JDK-8231779: crash HeapWord*ParallelScavengeHeap::failed_mem_allocate
b44ac0
  - JDK-8233097: Fontmetrics for large Fonts has zero width
b44ac0
  - JDK-8233621: Mismatch in jsse.enableMFLNExtension property name
b44ac0
  - JDK-8234617: C1: Incorrect result of field load due to missing narrowing conversion
b44ac0
  - JDK-8235243: handle VS2017 15.9 and VS2019 in abstract_vm_version
b44ac0
  - JDK-8235325: build failure on Linux after 8235243
b44ac0
  - JDK-8235687: Contents/MacOS/libjli.dylib cannot be a symlink
b44ac0
  - JDK-8236645: JDK 8u231 introduces a regression with incompatible handling of XML messages
b44ac0
  - JDK-8237951: CTW: C2 compilation fails with "malformed control flow"
b44ac0
  - JDK-8238225: Issues reported after replacing symlink at Contents/MacOS/libjli.dylib with binary
b44ac0
  - JDK-8238380: java.base/unix/native/libjava/childproc.c "multiple definition" link errors with GCC10
b44ac0
  - JDK-8238386: (sctp) jdk.sctp/unix/native/libsctp/SctpNet.c "multiple definition" link errors with GCC10
b44ac0
  - JDK-8238388: libj2gss/NativeFunc.o "multiple definition" link errors with GCC10
b44ac0
  - JDK-8238898: Missing hash characters for header on license file
b44ac0
  - JDK-8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD
b44ac0
  - JDK-8239819: XToolkit: Misread of screen information memory
b44ac0
  - JDK-8240295: hs_err elapsed time in seconds is not accurate enough
b44ac0
  - JDK-8240676: Meet not symmetric failure when running lucene on jdk8
b44ac0
  - JDK-8241888: Mirror jdk.security.allowNonCaAnchor system property with a security one
b44ac0
  - JDK-8242498: Invalid "sun.awt.TimedWindowEvent" object leads to JVM crash
b44ac0
  - JDK-8242556: Cannot load RSASSA-PSS public key with non-null params from byte array
b44ac0
  - JDK-8243138: Enhance BaseLdapServer to support starttls extended request
b44ac0
  - JDK-8243320: Add SSL root certificates to Oracle Root CA program
b44ac0
  - JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program
b44ac0
  - JDK-8243489: Thread CPU Load event may contain wrong data for CPU time under certain conditions
b44ac0
  - JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26
b44ac0
  - JDK-8244818: Java2D Queue Flusher crash while moving application window to external monitor
b44ac0
  - JDK-8245467: Remove 8u TLSv1.2 implementation files
b44ac0
  - JDK-8245469: Remove DTLS protocol implementation
b44ac0
  - JDK-8245470: Fix JDK8 compatibility issues
b44ac0
  - JDK-8245471: Revert JDK-8148188
b44ac0
  - JDK-8245472: Backport JDK-8038893 to JDK8
b44ac0
  - JDK-8245473: OCSP stapling support
b44ac0
  - JDK-8245474: Add TLS_KRB5 cipher suites support according to RFC-2712
b44ac0
  - JDK-8245476: Disable TLSv1.3 protocol in the ClientHello message by default
b44ac0
  - JDK-8245477: Adjust TLS tests location
b44ac0
  - JDK-8245653: Remove 8u TLS tests
b44ac0
  - JDK-8245681: Add TLSv1.3 regression test from 11.0.7
b44ac0
  - JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ
b44ac0
  - JDK-8246310: Clean commented-out code about ModuleEntry andPackageEntry in JFR
b44ac0
  - JDK-8246384: Enable JFR by default on supported architectures for October 2020 release
b44ac0
  - JDK-8248643: Remove extra leading space in JDK-8240295 8u backport
b44ac0
  - JDK-8248851: CMS: Missing memory fences between free chunk check and klass read
b44ac0
  - JDK-8249158: THREAD_START and THREAD_END event posted in primordial phase
b44ac0
  - JDK-8249610: Make sun.security.krb5.Config.getBooleanObject(String... keys) method public
b44ac0
  - JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool behavior
b44ac0
  - JDK-8250546: Expect changed behaviour reported in JDK-8249846
b44ac0
  - JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics
b44ac0
  - JDK-8250755: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java
b44ac0
  - JDK-8250875: Incorrect parameter type for update_number in JDK_Version::jdk_update
b44ac0
  - JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher
b44ac0
  - JDK-8251120: [8u] HotSpot build assumes ENABLE_JFR is set to either true or false
b44ac0
  - JDK-8251341: Minimal Java specification change
b44ac0
  - JDK-8251478: Backport TLSv1.3 regression tests to JDK8u
b44ac0
  - JDK-8251546: 8u backport of JDK-8194298 breaks AIX and Solaris builds
b44ac0
  - JDK-8252084: Minimal VM fails to bootcycle: undefined symbol: AgeTableTracer::is_tenuring_distribution_event_enabled
b44ac0
  - JDK-8252573: 8u: Windows build failed after 8222079 backport
b44ac0
  - JDK-8252886: [TESTBUG] sun/security/ec/TestEC.java : Compilation failed
b44ac0
  - JDK-8254673: Call to JvmtiExport::post_vm_start() was removed by the fix for JDK-8249158
b44ac0
  - JDK-8254937: Revert JDK-8148854 for 8u272
b44ac0
b44ac0
Notes on individual issues:
b44ac0
===========================
b44ac0
b44ac0
core-svc/java.lang.management:
b44ac0
b44ac0
JDK-8236876: OperatingSystemMXBean Methods Inside a Container Return Container Specific Data
b44ac0
============================================================================================
b44ac0
When executing in a container, or other virtualized operating
b44ac0
environment, the following `OperatingSystemMXBean` methods in this
b44ac0
release return container specific information, if
b44ac0
available. Otherwise, they return host specific data:
b44ac0
b44ac0
* getFreePhysicalMemorySize()
b44ac0
* getTotalPhysicalMemorySize()
b44ac0
* getFreeSwapSpaceSize()
b44ac0
* getTotalSwapSpaceSize()
b44ac0
* getSystemCpuLoad()
b44ac0
b44ac0
security-libs/java.security:
b44ac0
b44ac0
JDK-8250756: Added Entrust Root Certification Authority - G4 certificate
b44ac0
========================================================================
b44ac0
The Entrust root certificate has been added to the cacerts truststore:
b44ac0
b44ac0
Alias Name: entrustrootcag4
b44ac0
Distinguished Name: CN=Entrust Root Certification Authority - G4, OU="(c) 2015 Entrust,  Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
b44ac0
b44ac0
JDK-8250860: Added 3 SSL Corporation Root CA Certificates
b44ac0
=========================================================
b44ac0
The following root certificates have been added to the cacerts truststore for the SSL Corporation:
b44ac0
b44ac0
Alias Name: sslrootrsaca
b44ac0
Distinguished Name: CN=SSL.com Root Certification Authority RSA, O=SSL Corporation, L=Houston, ST=Texas, C=US
b44ac0
b44ac0
Alias Name: sslrootevrsaca
b44ac0
Distinguished Name: CN=SSL.com EV Root Certification Authority RSA R2, O=SSL Corporation, L=Houston, ST=Texas, C=US
b44ac0
b44ac0
Alias Name: sslrooteccca
b44ac0
Distinguished Name: CN=SSL.com Root Certification Authority ECC, O=SSL Corporation, L=Houston, ST=Texas, C=US
b44ac0
b44ac0
security-libs/javax.crypto:pkcs11:
b44ac0
b44ac0
JDK-8221441: SunPKCS11 Provider Upgraded with Support for PKCS#11 v2.40
b44ac0
=======================================================================
b44ac0
The SunPKCS11 provider has been updated with support for PKCS#11
b44ac0
v2.40. This version adds support for more algorithms such as the
b44ac0
AES/GCM/NoPadding cipher, DSA signatures using SHA-2 family of message
b44ac0
digests, and RSASSA-PSS signatures when the corresponding PKCS11
b44ac0
mechanisms are supported by the underlying PKCS11 library.
b44ac0
b44ac0
security-libs/javax.security:
b44ac0
b44ac0
JDK-8242059: Support for canonicalize in krb5.conf
b44ac0
==================================================
b44ac0
The 'canonicalize' flag in the [krb5.conf file][0] is now supported by
b44ac0
the JDK Kerberos implementation. When set to *true*, RFC 6806 [1] name
b44ac0
canonicalization is requested by clients in TGT requests to KDC
b44ac0
services (AS protocol). Otherwise, and by default, it is not
b44ac0
requested.
b44ac0
b44ac0
The new default behavior is different from previous releases where
b44ac0
name canonicalization was always requested by clients in TGT requests
b44ac0
to KDC services (provided that support for RFC 6806[1] was not
b44ac0
explicitly disabled with the *sun.security.krb5.disableReferrals*
b44ac0
system or security properties).
b44ac0
b44ac0
[0]: https://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html
b44ac0
[1]: https://tools.ietf.org/html/rfc6806
b44ac0
b44ac0
security-libs/javax.xml.crypto:
b44ac0
b44ac0
JDK-8202891: Updated xmldsig Implementation to Apache Santuario 2.1.1
b44ac0
=====================================================================
b44ac0
The XMLDSig provider implementation in the `java.xml.crypto` module has been updated to version 2.1.1 of Apache Santuario.
b44ac0
b44ac0
New features include:
b44ac0
b44ac0
1. Support for the SHA-224 and SHA-3 DigestMethod algorithms specified
b44ac0
in RFC 6931.
b44ac0
2. Support for the HMAC-SHA224, RSA-SHA224, ECDSA-SHA224, and
b44ac0
RSASSA-PSS family of SignatureMethod algorithms specified in RFC 6931.
b44ac0
b44ac0
JDK-8238185: New OpenJDK-specific JDK 8 Updates System Property to fallback to legacy Base64 Encoding format
b44ac0
============================================================================================================
b44ac0
The upgrade to the Apache Santuario libraries (see above) introduced
b44ac0
an issue where XML signature using Base64 encoding resulted in
b44ac0
appending `&#xd` or `&#13` to the encoded output. This behavioural
b44ac0
change was made in the Apache Santuario codebase to comply with RFC
b44ac0
2045. The Santuario team has adopted a position of keeping their
b44ac0
libraries compliant with RFC 2045.
b44ac0
b44ac0
Earlier versions of OpenJDK 8 using the legacy encoder returns encoded
b44ac0
data in a format without `&#xd` or `&#13`.
b44ac0
b44ac0
Therefore a new system property, specific to the 8 update stream,
b44ac0
`com.sun.org.apache.xml.internal.security.lineFeedOnly` is made
b44ac0
available to fall back to the legacy Base64 encoded format.
b44ac0
b44ac0
Users can set this flag in one of two ways:
b44ac0
b44ac0
1. -Dcom.sun.org.apache.xml.internal.security.lineFeedOnly=true
b44ac0
b44ac0
2. System.setProperty("com.sun.org.apache.xml.internal.security.lineFeedOnly", "true")
b44ac0
b44ac0
This new system property is disabled by default. It has no effect on
b44ac0
default behaviour nor when
b44ac0
`com.sun.org.apache.xml.internal.security.ignoreLineBreaks` property
b44ac0
is set.
b44ac0
b44ac0
Later JDK family versions will only support the recommended property:
b44ac0
b44ac0
`com.sun.org.apache.xml.internal.security.ignoreLineBreaks`
b44ac0
b44ac0
JDK-8254177: US/Pacific-New Zone name removed as part of tzdata2020b
b44ac0
====================================================================
b44ac0
Following JDK's update to tzdata2020b, the long-obsolete files
b44ac0
pacificnew and systemv have been removed. As a result, the
b44ac0
"US/Pacific-New" zone name declared in the pacificnew data file is no
b44ac0
longer available for use.
b44ac0
b44ac0
Information regarding the update can be viewed at
b44ac0
https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html
b44ac0
b44ac0
New in release OpenJDK 8u265 (2020-07-27):
b44ac0
===========================================
b44ac0
Live versions of these release notes can be found at:
b44ac0
  * https://bitly.com/openjdk8u265
b44ac0
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u265.txt
b44ac0
b44ac0
* Bug fixes
b44ac0
  - JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool behavior
b44ac0
  - JDK-8250546: Expect changed behaviour reported in JDK-8249846
b44ac0
b44ac0
New in release OpenJDK 8u262 (2020-07-14):
b44ac0
===========================================
b44ac0
Live versions of these release notes can be found at:
b44ac0
  * https://bitly.com/oj8u262
b44ac0
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u262.txt
b44ac0
b44ac0
* New features
b44ac0
  - JDK-8223147: JFR Backport
b44ac0
* Security fixes
b44ac0
  - JDK-8028431, CVE-2020-14579: NullPointerException in DerValue.equals(DerValue)
b44ac0
  - JDK-8028591, CVE-2020-14578: NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString()
b44ac0
  - JDK-8230613: Better ASCII conversions
b44ac0
  - JDK-8231800: Better listing of arrays
b44ac0
  - JDK-8232014: Expand DTD support
b44ac0
  - JDK-8233255: Better Swing Buttons
b44ac0
  - JDK-8234032: Improve basic calendar services
b44ac0
  - JDK-8234042: Better factory production of certificates
b44ac0
  - JDK-8234418: Better parsing with CertificateFactory
b44ac0
  - JDK-8234836: Improve serialization handling
b44ac0
  - JDK-8236191: Enhance OID processing
b44ac0
  - JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior
b44ac0
  - JDK-8237592, CVE-2020-14577: Enhance certificate verification
b44ac0
  - JDK-8238002, CVE-2020-14581: Better matrix operations
b44ac0
  - JDK-8238804: Enhance key handling process
b44ac0
  - JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable
b44ac0
  - JDK-8238843: Enhanced font handing
b44ac0
  - JDK-8238920, CVE-2020-14583: Better Buffer support
b44ac0
  - JDK-8238925: Enhance WAV file playback
b44ac0
  - JDK-8240119, CVE-2020-14593: Less Affine Transformations
b44ac0
  - JDK-8240482: Improved WAV file playback
b44ac0
  - JDK-8241379: Update JCEKS support
b44ac0
  - JDK-8241522: Manifest improved jar headers redux
b44ac0
  - JDK-8242136, CVE-2020-14621: Better XML namespace handling
b44ac0
* Other changes
b44ac0
  - JDK-4949105: Access Bridge lacks html tags parsing
b44ac0
  - JDK-7147060: com/sun/org/apache/xml/internal/security/transforms/ClassLoaderTest.java doesn't run in agentvm mode
b44ac0
  - JDK-8003209: JFR events for network utilization
b44ac0
  - JDK-8030680: 292 cleanup from default method code assessment
b44ac0
  - JDK-8035633: TEST_BUG: java/net/NetworkInterface/Equals.java and some tests failed on windows intermittently
b44ac0
  - JDK-8037866: Replace the Fun class in tests with lambdas
b44ac0
  - JDK-8041626: Shutdown tracing event
b44ac0
  - JDK-8041915: Move 8 awt tests to OpenJDK regression tests tree
b44ac0
  - JDK-8067796: (process) Process.waitFor(timeout, unit) doesn't throw NPE if timeout is less than, or equal to zero when unit == null
b44ac0
  - JDK-8076475: Misuses of strncpy/strncat
b44ac0
  - JDK-8130737: AffineTransformOp can't handle child raster with non-zero x-offset
b44ac0
  - JDK-8141056: Erroneous assignment in HeapRegionSet.cpp
b44ac0
  - JDK-8146612: C2: Precedence edges specification violated
b44ac0
  - JDK-8148886: SEGV in sun.java2d.marlin.Renderer._endRendering
b44ac0
  - JDK-8149338: JVM Crash caused by Marlin renderer not handling NaN coordinates
b44ac0
  - JDK-8150986: serviceability/sa/jmap-hprof/JMapHProfLargeHeapTest.java failing because expects HPROF JAVA PROFILE 1.0.1 file format
b44ac0
  - JDK-8151582: (ch) test java/nio/channels/AsyncCloseAndInterrupt.java failing due to "Connection succeeded"
b44ac0
  - JDK-8165675: Trace event for thread park has incorrect unit for timeout
b44ac0
  - JDK-8171934: ObjectSizeCalculator.getEffectiveMemoryLayoutSpecification() does not recognize OpenJDK's HotSpot VM
b44ac0
  - JDK-8172559: [PIT][TEST_BUG] Move @test to be 1st annotation in java/awt/image/Raster/TestChildRasterOp.java
b44ac0
  - JDK-8176182: 4 security tests are not run
b44ac0
  - JDK-8178374: Problematic ByteBuffer handling in CipherSpi.bufferCrypt method
b44ac0
  - JDK-8178910: Problemlist sample tests
b44ac0
  - JDK-8181841: A TSA server returns timestamp with precision higher than milliseconds
b44ac0
  - JDK-8183925: Decouple crash protection from watcher thread
b44ac0
  - JDK-8191393: Random crashes during cfree+0x1c
b44ac0
  - JDK-8195817: JFR.stop should require name of recording
b44ac0
  - JDK-8195818: JFR.start should increase autogenerated name by one
b44ac0
  - JDK-8195819: Remove recording=x from jcmd JFR.check output
b44ac0
  - JDK-8196969: JTreg Failure: serviceability/sa/ClhsdbJstack.java causes NPE
b44ac0
  - JDK-8199712: Flight Recorder
b44ac0
  - JDK-8202578: Revisit location for class unload events
b44ac0
  - JDK-8202835: jfr/event/os/TestSystemProcess.java fails on missing events
b44ac0
  - JDK-8203287: Zero fails to build after JDK-8199712 (Flight Recorder)
b44ac0
  - JDK-8203346: JFR: Inconsistent signature of jfr_add_string_constant
b44ac0
  - JDK-8203664: JFR start failure after AppCDS archive created with JFR StartFlightRecording
b44ac0
  - JDK-8203921: JFR thread sampling is missing fixes from JDK-8194552
b44ac0
  - JDK-8203929: Limit amount of data for JFR.dump
b44ac0
  - JDK-8205516: JFR tool
b44ac0
  - JDK-8207392: [PPC64] Implement JFR profiling
b44ac0
  - JDK-8207829: FlightRecorderMXBeanImpl is leaking the first classloader which calls it
b44ac0
  - JDK-8209960: -Xlog:jfr* doesn't work with the JFR
b44ac0
  - JDK-8210024: JFR calls virtual is_Java_thread from ~Thread()
b44ac0
  - JDK-8210776: Upgrade X Window System 6.8.2 to the latest XWD 1.0.7
b44ac0
  - JDK-8211239: Build fails without JFR: empty JFR events signatures mismatch
b44ac0
  - JDK-8212232: Wrong metadata for the configuration of the cutoff for old object sample events
b44ac0
  - JDK-8213015: Inconsistent settings between JFR.configure and -XX:FlightRecorderOptions
b44ac0
  - JDK-8213421: Line number information for execution samples always 0
b44ac0
  - JDK-8213617: JFR should record the PID of the recorded process
b44ac0
  - JDK-8213734: SAXParser.parse(File, ..) does not close resources when Exception occurs.
b44ac0
  - JDK-8213914: [TESTBUG] Several JFR VM events are not covered by tests
b44ac0
  - JDK-8213917: [TESTBUG] Shutdown JFR event is not covered by test
b44ac0
  - JDK-8213966: The ZGC JFR events should be marked as experimental
b44ac0
  - JDK-8214542: JFR: Old Object Sample event slow on a deep heap in debug builds
b44ac0
  - JDK-8214750: Unnecessary 

tags in jfr classes

b44ac0
  - JDK-8214896: JFR Tool left files behind
b44ac0
  - JDK-8214906: [TESTBUG] jfr/event/sampling/TestNative.java fails with UnsatisfiedLinkError
b44ac0
  - JDK-8214925: JFR tool fails to execute
b44ac0
  - JDK-8215175: Inconsistencies in JFR event metadata
b44ac0
  - JDK-8215237: jdk.jfr.Recording javadoc does not compile
b44ac0
  - JDK-8215284: Reduce noise induced by periodic task getFileSize()
b44ac0
  - JDK-8215355: Object monitor deadlock with no threads holding the monitor (using jemalloc 5.1)
b44ac0
  - JDK-8215362: JFR GTest JfrTestNetworkUtilization fails
b44ac0
  - JDK-8215771: The jfr tool should pretty print reference chains
b44ac0
  - JDK-8216064: -XX:StartFlightRecording:settings= doesn't work properly
b44ac0
  - JDK-8216486: Possibility of integer overflow in JfrThreadSampler::run()
b44ac0
  - JDK-8216528: test/jdk/java/rmi/transport/runtimeThreadInheritanceLeak/RuntimeThreadInheritanceLeak.java failing with Xcomp
b44ac0
  - JDK-8216559: [JFR] Native libraries not correctly parsed from /proc/self/maps
b44ac0
  - JDK-8216578: Remove unused/obsolete method in JFR code
b44ac0
  - JDK-8216995: Clean up JFR command line processing
b44ac0
  - JDK-8217744: [TESTBUG] JFR TestShutdownEvent fails on some systems due to process surviving SIGINT
b44ac0
  - JDK-8217748: [TESTBUG] Exclude TestSig test case from JFR TestShutdownEvent
b44ac0
  - JDK-8218935: Make jfr strncpy uses GCC 8.x friendly
b44ac0
  - JDK-8220293: Deadlock in JFR string pool
b44ac0
  - JDK-8223689: Add JFR Thread Sampling Support
b44ac0
  - JDK-8223690: Add JFR BiasedLock Event Support
b44ac0
  - JDK-8223691: Add JFR G1 Region Type Change Event Support
b44ac0
  - JDK-8223692: Add JFR G1 Heap Summary Event Support
b44ac0
  - JDK-8224172: assert(jfr_is_event_enabled(id)) failed: invariant
b44ac0
  - JDK-8224475: JTextPane does not show images in HTML rendering
b44ac0
  - JDK-8225068: Remove DocuSign root certificate that is expiring in May 2020
b44ac0
  - JDK-8225069: Remove Comodo root certificate that is expiring in May 2020
b44ac0
  - JDK-8226253: JAWS reports wrong number of radio buttons when buttons are hidden.
b44ac0
  - JDK-8226779: [TESTBUG] Test JFR API from Java agent
b44ac0
  - JDK-8226892: ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys
b44ac0
  - JDK-8227011: Starting a JFR recording in response to JVMTI VMInit and / or Java agent premain corrupts memory
b44ac0
  - JDK-8227269: Slow class loading when running with JDWP
b44ac0
  - JDK-8227605: Kitchensink fails "assert((((klass)->trace_id() & (JfrTraceIdEpoch::leakp_in_use_this_epoch_bit())) != 0)) failed: invariant"
b44ac0
  - JDK-8229366: JFR backport allows unchecked writing to memory
b44ac0
  - JDK-8229401: Fix JFR code cache test failures
b44ac0
  - JDK-8229708: JFR backport code does not initialize
b44ac0
  - JDK-8229873: 8229401 broke jdk8u-jfr-incubator
b44ac0
  - JDK-8229888: (zipfs) Updating an existing zip file does not preserve original permissions
b44ac0
  - JDK-8229899: Make java.io.File.isInvalid() less racy
b44ac0
  - JDK-8230448: [test] JFRSecurityTestSuite.java is failing on Windows
b44ac0
  - JDK-8230597: Update GIFlib library to the 5.2.1
b44ac0
  - JDK-8230707: JFR related tests are failing
b44ac0
  - JDK-8230769: BufImg_SetupICM add ReleasePrimitiveArrayCritical call in early return
b44ac0
  - JDK-8230782: Robot.createScreenCapture() fails if ?awt.robot.gtk? is set to false
b44ac0
  - JDK-8230856: Java_java_net_NetworkInterface_getByName0 on unix misses ReleaseStringUTFChars in early return
b44ac0
  - JDK-8230926: [macosx] Two apostrophes are entered instead of one with "U.S. International - PC" layout
b44ac0
  - JDK-8230947: TestLookForUntestedEvents.java is failing after JDK-8230707
b44ac0
  - JDK-8231995: two jtreg tests failed after 8229366 is fixed
b44ac0
  - JDK-8233197: Invert JvmtiExport::post_vm_initialized() and Jfr:on_vm_start() start-up order for correct option parsing
b44ac0
  - JDK-8233623: Add classpath exception to copyright in EventHandlerProxyCreator.java file
b44ac0
  - JDK-8233880: Support compilers with multi-digit major version numbers
b44ac0
  - JDK-8236002: CSR for JFR backport suggests not leaving out the package-info
b44ac0
  - JDK-8236008: Some backup files were accidentally left in the hotspot tree
b44ac0
  - JDK-8236074: Missed package-info
b44ac0
  - JDK-8236174: Should update javadoc since tags
b44ac0
  - JDK-8236996: Incorrect Roboto font rendering on Windows with subpixel antialiasing
b44ac0
  - JDK-8238076: Fix OpenJDK 7 Bootstrap Broken by JFR Backport
b44ac0
  - JDK-8238452: Keytool generates wrong expiration date if validity is set to 2050/01/01
b44ac0
  - JDK-8238555: Allow Initialization of SunPKCS11 with NSS when there are external FIPS modules in the NSSDB
b44ac0
  - JDK-8238589: Necessary code cleanup in JFR for JDK8u
b44ac0
  - JDK-8238590: Enable JFR by default during compilation in 8u
b44ac0
  - JDK-8239055: Wrong implementation of VMState.hasListener
b44ac0
  - JDK-8239476: JDK-8238589 broke windows build by moving OrderedPair
b44ac0
  - JDK-8239479: minimal1 and zero builds are failing
b44ac0
  - JDK-8239852: java/util/concurrent tests fail with -XX:+VerifyGraphEdges: assert(!VerifyGraphEdges) failed: verification should have failed
b44ac0
  - JDK-8239867: correct over use of INCLUDE_JFR macro
b44ac0
  - JDK-8240375: Disable JFR by default for July 2020 release
b44ac0
  - JDK-8240576: JVM crashes after transformation in C2 IdealLoopTree::merge_many_backedges
b44ac0
  - JDK-8241444: Metaspace::_class_vsm not initialized if compressed class pointers are disabled
b44ac0
  - JDK-8241638: launcher time metrics always report 1 on Linux when _JAVA_LAUNCHER_DEBUG set
b44ac0
  - JDK-8241750: x86_32 build failure after JDK-8227269
b44ac0
  - JDK-8241902: AIX Build broken after integration of JDK-8223147 (JFR Backport)
b44ac0
  - JDK-8242788: Non-PCH build is broken after JDK-8191393
b44ac0
  - JDK-8242883: Incomplete backport of JDK-8078268: backport test part
b44ac0
  - JDK-8243059: Build fails when --with-vendor-name contains a comma
b44ac0
  - JDK-8243474: [TESTBUG] removed three tests of 0 bytes
b44ac0
  - JDK-8243539: Copyright info (Year) should be updated for fix of 8241638
b44ac0
  - JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a
b44ac0
  - JDK-8244407: JVM crashes after transformation in C2 IdealLoopTree::split_fall_in
b44ac0
  - JDK-8244461: [JDK 8u] Build fails with glibc 2.32
b44ac0
  - JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion() returns wrong result
b44ac0
  - JDK-8244777: ClassLoaderStats VM Op uses constant hash value
b44ac0
  - JDK-8244843: JapanEraNameCompatTest fails
b44ac0
  - JDK-8245167: Top package in method profiling shows null in JMC
b44ac0
  - JDK-8246223: Windows build fails after JDK-8227269
b44ac0
  - JDK-8246703: [TESTBUG] Add test for JDK-8233197
b44ac0
  - JDK-8248399: Build installs jfr binary when JFR is disabled
b44ac0
  - JDK-8248715: New JavaTimeSupplementary localisation for 'in' installed in wrong package
b44ac0
b44ac0
Notes on individual issues:
b44ac0
===========================
b44ac0
b44ac0
hotspot/jfr:
b44ac0
b44ac0
JDK-8240687: JDK Flight Recorder Integrated to OpenJDK 8u
b44ac0
=========================================================
b44ac0
b44ac0
OpenJDK 8u now contains the backport of JEP 328: Flight Recorder
b44ac0
(https://openjdk.java.net/jeps/328) from later versions of OpenJDK.
b44ac0
b44ac0
JFR is a low-overhead framework to collect and provide data helpful to
b44ac0
troubleshoot the performance of the OpenJDK runtime and of Java
b44ac0
applications. It consists of a new API to define custom events under
b44ac0
the jdk.jfr namespace and a JMX interface to interact with the
b44ac0
framework. The recording can also be initiated with the application
b44ac0
startup using the -XX:+FlightRecorder flag or via jcmd. JFR replaces
b44ac0
the +XX:EnableTracing feature introduced in JEP 167, providing a more
b44ac0
efficient way to retrieve the same information. For compatibility
b44ac0
reasons, +XX:EnableTracing is still accepted, however no data will be
b44ac0
printed.
b44ac0
b44ac0
While JFR is not built by default upstream, it is included in Red Hat
b44ac0
binaries for supported architectures (x86_64, AArch64 & PowerPC 64)
b44ac0
b44ac0
hotspot/runtime:
b44ac0
b44ac0
JDK-8205622: JFR Start Failure After AppCDS Archive Created with JFR StartFlightRecording
b44ac0
=========================================================================================
b44ac0
b44ac0
JFR will be disabled with a warning message if it is enabled during
b44ac0
CDS dumping. The user will see the following warning message:
b44ac0
b44ac0
OpenJDK 64-Bit Server VM warning: JFR will be disabled during CDS dumping
b44ac0
b44ac0
if JFR is enabled during CDS dumping such as in the following command
b44ac0
line:
b44ac0
b44ac0
$ java -Xshare:dump -XX:StartFlightRecording=dumponexit=true
b44ac0
b44ac0
security-libs/java.security:
b44ac0
b44ac0
JDK-8244167: Removal of Comodo Root CA Certificate
b44ac0
==================================================
b44ac0
b44ac0
The following expired Comodo root CA certificate was removed from the
b44ac0
`cacerts` keystore: + alias name "addtrustclass1ca [jdk]"
b44ac0
b44ac0
Distinguished Name: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
b44ac0
b44ac0
JDK-8244166: Removal of DocuSign Root CA Certificate
b44ac0
====================================================
b44ac0
b44ac0
The following expired DocuSign root CA certificate was removed from
b44ac0
 the `cacerts` keystore: + alias name "keynectisrootca [jdk]"
b44ac0
b44ac0
Distinguished Name: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR
b44ac0
b44ac0
security-libs/javax.crypto:pkcs11:
b44ac0
b44ac0
JDK-8240191: Allow SunPKCS11 initialization with NSS when external FIPS modules are present in the Security Modules Database
b44ac0
============================================================================================================================
b44ac0
b44ac0
The SunPKCS11 security provider can now be initialized with NSS when
b44ac0
FIPS-enabled external modules are configured in the Security Modules
b44ac0
Database (NSSDB). Prior to this change, the SunPKCS11 provider would
b44ac0
throw a RuntimeException with the message: "FIPS flag set for
b44ac0
non-internal module" when such a library was configured for NSS in
b44ac0
non-FIPS mode.
b44ac0
b44ac0
This change allows the JDK to work properly with recent NSS releases
b44ac0
on GNU/Linux operating systems when the system-wide FIPS policy is
b44ac0
turned on.
b44ac0
b44ac0
Further information can be found in JDK-8238555.
b44ac0
edf4c9
New in release OpenJDK 8u252 (2020-04-14):
edf4c9
===========================================
edf4c9
Live versions of these release notes can be found at:
edf4c9
  * https://bitly.com/oj8u252
edf4c9
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u252.txt
edf4c9
edf4c9
* Security fixes
edf4c9
  - JDK-8223898, CVE-2020-2754: Forward references to Nashorn
edf4c9
  - JDK-8223904, CVE-2020-2755: Improve Nashorn matching
edf4c9
  - JDK-8224541, CVE-2020-2756: Better mapping of serial ENUMs
edf4c9
  - JDK-8224549, CVE-2020-2757: Less Blocking Array Queues
edf4c9
  - JDK-8225603: Enhancement for big integers
edf4c9
  - JDK-8227542: Manifest improved jar headers
edf4c9
  - JDK-8231415, CVE-2020-2773: Better signatures in XML
edf4c9
  - JDK-8233250: Better X11 rendering
edf4c9
  - JDK-8233410: Better Build Scripting
edf4c9
  - JDK-8234027: Better JCEKS key support
edf4c9
  - JDK-8234408, CVE-2020-2781: Improve TLS session handling
edf4c9
  - JDK-8234825, CVE-2020-2800: Better Headings for HTTP Servers
edf4c9
  - JDK-8234841, CVE-2020-2803: Enhance buffering of byte buffers
edf4c9
  - JDK-8235274, CVE-2020-2805: Enhance typing of methods
edf4c9
  - JDK-8236201, CVE-2020-2830: Better Scanner conversions
edf4c9
  - JDK-8238960: linux-i586 builds are inconsistent as the newly build jdk is not able to reserve enough space for object heap
edf4c9
* Other changes
edf4c9
  - JDK-8005819: Support cross-realm MSSFU
edf4c9
  - JDK-8022263: use same Clang warnings on BSD as on Linux
edf4c9
  - JDK-8038631: Create wrapper for awt.Robot with additional functionality
edf4c9
  - JDK-8047212: runtime/ParallelClassLoading/bootstrap/random/inner-complex assert(ObjectSynchronizer::verify_objmon_isinpool(inf)) failed: monitor is invalid
edf4c9
  - JDK-8055283: Expand ResourceHashtable with C_HEAP allocation, removal and some unit tests
edf4c9
  - JDK-8068184: Fix for JDK-8032832 caused a deadlock
edf4c9
  - JDK-8079693: Add support for ECDSA P-384 and P-521 curves to XML Signature
edf4c9
  - JDK-8132130: some docs cleanup
edf4c9
  - JDK-8135318: CMS wrong max_eden_size for check_gc_overhead_limit
edf4c9
  - JDK-8144445: Maximum size checking in Marlin ArrayCache utility methods is not optimal
edf4c9
  - JDK-8144446: Automate the Marlin crash test
edf4c9
  - JDK-8144526: Remove Marlin logging use of deleted internal API
edf4c9
  - JDK-8144630: Use PrivilegedAction to create Thread in Marlin RendererStats
edf4c9
  - JDK-8144654: Improve Marlin logging
edf4c9
  - JDK-8144718: Pisces / Marlin Strokers may generate invalid curves with huge coordinates and round joins
edf4c9
  - JDK-8166976: TestCipherPBECons has wrong @run line
edf4c9
  - JDK-8167409: Invalid value passed to critical JNI function
edf4c9
  - JDK-8181872: C1: possible overflow when strength reducing integer multiply by constant
edf4c9
  - JDK-8187078: -XX:+VerifyOops finds numerous problems when running JPRT
edf4c9
  - JDK-8191227: issues with unsafe handle resolution
edf4c9
  - JDK-8197441: Signature#initSign/initVerify for an invalid private/public key fails with ClassCastException for SunPKCS11 provider
edf4c9
  - JDK-8204152: SignedObject throws NullPointerException for null keys with an initialized Signature object
edf4c9
  - JDK-8215756: Memory leaks in the AWT on macOS
edf4c9
  - JDK-8216472: (se) Stack overflow during selection operation leads to crash (win)
edf4c9
  - JDK-8219244: NMT: Change ThreadSafepointState's allocation type from mtInternal to mtThread
edf4c9
  - JDK-8219597: (bf) Heap buffer state changes could provoke unexpected exceptions
edf4c9
  - JDK-8225128: Add exception for expiring DocuSign root to VerifyCACerts test
edf4c9
  - JDK-8225130: Add exception for expiring Comodo roots to VerifyCACerts test
edf4c9
  - JDK-8229022: BufferedReader performance can be improved by using StringBuilder
edf4c9
  - JDK-8229345: Memory leak due to vtable stubs not being shared on SPARC
edf4c9
  - JDK-8229872: (fs) Increase buffer size used with getmntent
edf4c9
  - JDK-8230235: Rendering HTML with empty img attribute and documentBaseKey cause Exception
edf4c9
  - JDK-8231430: C2: Memory stomp in max_array_length() for T_ILLEGAL type
edf4c9
  - JDK-8235744: PIT: test/jdk/javax/swing/text/html/TestJLabelWithHTMLText.java times out in linux-x64
edf4c9
  - JDK-8235904: Infinite loop when rendering huge lines
edf4c9
  - JDK-8236179: C1 register allocation error with T_ADDRESS
edf4c9
  - JDK-8237368: Problem with NullPointerException in RMI TCPEndpoint.read
edf4c9
  - JDK-8240521: Revert backport of 8231584: Deadlock with ClassLoader.findLibrary and System.loadLibrary call
edf4c9
  - JDK-8241296: Segfault in JNIHandleBlock::oops_do()
edf4c9
  - JDK-8241307: Marlin renderer should not be the default in 8u252
edf4c9
edf4c9
Notes on individual issues:
edf4c9
===========================
edf4c9
edf4c9
hotspot/svc:
edf4c9
edf4c9
JDK-8174881: Binary format for HPROF updated 
edf4c9
============================================
edf4c9
edf4c9
When dumping the heap in binary format, HPROF format 1.0.2 is always
edf4c9
used now. Previously, format 1.0.1 was used for heaps smaller than
edf4c9
2GB. HPROF format 1.0.2 is also used by jhsdb jmap for the
edf4c9
serviceability agent.
edf4c9
edf4c9
security-libs/java.security:
edf4c9
edf4c9
JDK-8229518: Added Support for PKCS#1 v2.2 Algorithms Including RSASSA-PSS Signature
edf4c9
====================================================================================
edf4c9
edf4c9
The SunRsaSign and SunJCE providers have been enhanced with support
edf4c9
for more algorithms defined in PKCS#1 v2.2, such as RSASSA-PSS
edf4c9
signature and OAEP using FIPS 180-4 digest algorithms. New
edf4c9
constructors and methods have been added to relevant JCA/JCE classes
edf4c9
under the `java.security.spec` and `javax.crypto.spec` packages for
edf4c9
supporting additional RSASSA-PSS parameters.
edf4c9
edf4c9
security-libs/javax.crypto:
edf4c9
edf4c9
JDK-8205471: RSASSA-PSS Signature Support Added to SunMSCAPI
edf4c9
============================================================
edf4c9
edf4c9
The RSASSA-PSS signature algorithm support has been added to the SunMSCAPI provider.
edf4c9
edf4c9
security-libs/javax.security:
edf4c9
edf4c9
JDK-8227564: Allow SASL Mechanisms to Be Restricted
edf4c9
===================================================
edf4c9
edf4c9
A security property named `jdk.sasl.disabledMechanisms` has been added
edf4c9
that can be used to disable SASL mechanisms. Any disabled mechanism
edf4c9
will be ignored if it is specified in the `mechanisms` argument of
edf4c9
`Sasl.createSaslClient` or the `mechanism` argument of
edf4c9
`Sasl.createSaslServer`. The default value for this security property
edf4c9
is empty, which means that no mechanisms are disabled out-of-the-box.