d92b92
Key:
d92b92
d92b92
JDK-X  - https://bugs.openjdk.java.net/browse/JDK-X
d92b92
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
d92b92
8e26b0
New in release OpenJDK 8u302 (2021-07-20):
8e26b0
===========================================
8e26b0
Live versions of these release notes can be found at:
8e26b0
  * https://bitly.com/openjdk8u302
8e26b0
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u302.txt
8e26b0
8e26b0
* Security fixes
8e26b0
  - JDK-8256157: Improve bytecode assembly
8e26b0
  - JDK-8256491: Better HTTP transport
8e26b0
  - JDK-8258432, CVE-2021-2341: Improve file transfers
8e26b0
  - JDK-8260453: Improve Font Bounding
8e26b0
  - JDK-8260960: Signs of jarsigner signing
8e26b0
  - JDK-8260967, CVE-2021-2369: Better jar file validation
8e26b0
  - JDK-8262380: Enhance XML processing passes
8e26b0
  - JDK-8262403: Enhanced data transfer
8e26b0
  - JDK-8262410: Enhanced rules for zones
8e26b0
  - JDK-8262477: Enhance String Conclusions
8e26b0
  - JDK-8262967: Improve Zip file support
8e26b0
  - JDK-8264066, CVE-2021-2388: Enhance compiler validation
8e26b0
  - JDK-8264079: Improve abstractions
8e26b0
  - JDK-8264460: Improve NTLM support
8e26b0
* Other changes
8e26b0
  - JDK-6878250: (so) IllegalBlockingModeException thrown when reading from a closed SocketChannel's InputStream
8e26b0
  - JDK-6990210: [TEST_BUG] EventDispatchThread/HandleExceptionOnEDT/HandleExceptionOnEDT.java fails on gnome
8e26b0
  - JDK-7059970: Test case: javax/imageio/plugins/png/ITXtTest.java is not closing a file
8e26b0
  - JDK-7106851: Test should not use System.exit
8e26b0
  - JDK-8019470: Changes needed to compile JDK 8 on MacOS with clang compiler
8e26b0
  - JDK-8028618: [TEST BUG] javax/swing/JScrollBar/bug4202954/bug4202954.java fails
8e26b0
  - JDK-8030123: java/beans/Introspector/Test8027648.java fails
8e26b0
  - JDK-8032050: Clean up for java/rmi/activation/Activatable/shutdownGracefully/ShutdownGracefully.java
8e26b0
  - JDK-8033289: clang: clean up unused function warning
8e26b0
  - JDK-8034856: gcc warnings compiling src/solaris/native/sun/security/pkcs11
8e26b0
  - JDK-8034857: gcc warnings compiling src/solaris/native/sun/management
8e26b0
  - JDK-8035000: clean up ActivationLibrary.DestroyThread
8e26b0
  - JDK-8035054: JarFacade.c should not include ctype.h
8e26b0
  - JDK-8035287: gcc warnings compiling various libraries files
8e26b0
  - JDK-8036095: RMI tests using testlibrary.RMID and testlibrary.JavaVM do not pass through vmoptions
8e26b0
  - JDK-8037825: Fix warnings and enable "warnings as errors" in serviceability native libraries
8e26b0
  - JDK-8042891: Format issues embedded in macros for two g1 source files
8e26b0
  - JDK-8043264: hsdis library not picked up correctly on expected paths
8e26b0
  - JDK-8043646: libosxapp.dylib fails to build on Mac OS 10.9 with clang
8e26b0
  - JDK-8047939: [TESTBUG] Rewrite test/runtime/8001071/Test8001071.sh
8e26b0
  - JDK-8055754: filemap.cpp does not compile with clang
8e26b0
  - JDK-8064909: FragmentMetaspace.java got OutOfMemoryError
8e26b0
  - JDK-8066508: JTReg tests timeout on slow devices when run using JPRT
8e26b0
  - JDK-8066807: langtools/test/Makefile should use -agentvm not -samevm
8e26b0
  - JDK-8071374: -XX:+PrintAssembly -XX:+PrintSignatureHandlers crash fastdebug VM with assert(limit == __null || limit <= nm->code_end()) in RelocIterator::initialize
8e26b0
  - JDK-8073446: TimeZone getOffset API does not return a dst offset between years 2038-2137
8e26b0
  - JDK-8074835: Resolve disabled warnings for libj2gss
8e26b0
  - JDK-8074836: Resolve disabled warnings for libosxkrb5
8e26b0
  - JDK-8075071: [TEST_BUG] TimSortStackSize2.java: OOME: Java heap space: MaxHeap shrinked by MaxRAMFraction
8e26b0
  - JDK-8077364: "if( !this )" construct prevents build on Xcode 6.3
8e26b0
  - JDK-8078855: [TEST_BUG] javax/swing/JComboBox/8032878/bug8032878.java fails in WindowsClassicLookAndFeel
8e26b0
  - JDK-8081764: [TEST_BUG] Test javax/swing/plaf/aqua/CustomComboBoxFocusTest.java fails on Windows, Solaris Sparcv9 and Linux but passes on MacOSX
8e26b0
  - JDK-8129511: PlatformMidi.c:83 uses malloc without malloc header
8e26b0
  - JDK-8130308: Too low memory usage in TestPromotionFromSurvivorToTenuredAfterMinorGC.java
8e26b0
  - JDK-8130430: [TEST_BUG] remove unnecessary internal calls from javax/swing/JRadioButton/8075609/bug8075609.java
8e26b0
  - JDK-8132148: G1 hs_err region dump legend out of sync with region values
8e26b0
  - JDK-8132709: [TESTBUG] gc/g1/TestHumongousShrinkHeap.java might fail on embedded
8e26b0
  - JDK-8134672: [TEST_BUG] Some tests should check isDisplayChangeSupported
8e26b0
  - JDK-8134883: C1 hard crash in range check elimination in Nashorn test262parallel
8e26b0
  - JDK-8136592: [TEST_BUG] Fix 2 platform-specific closed regtests for jigsaw
8e26b0
  - JDK-8138820: JDK Hotspot build fails with Xcode 7.0.1
8e26b0
  - JDK-8151786: [TESTBUG] java/beans/XMLEncoder/Test4625418.java timed out intermittently
8e26b0
  - JDK-8159898: Negative array size in java/beans/Introspector/Test8027905.java
8e26b0
  - JDK-8166046: [TESTBUG] compiler/stringopts/TestStringObjectInitialization.java fails with OOME
8e26b0
  - JDK-8166724: gc/g1/TestHumongousShrinkHeap.java fails with OOME
8e26b0
  - JDK-8172188: JDI tests fail due to "permission denied" when creating temp file
8e26b0
  - JDK-8177809: File.lastModified() is losing milliseconds (always ends in 000)
8e26b0
  - JDK-8178403: DirectAudio in JavaSound may hang and leak
8e26b0
  - JDK-8180478: tools/launcher/MultipleJRE.sh fails on Windows because of extra-''
8e26b0
  - JDK-8183910: gc/arguments/TestAggressiveHeap.java fails intermittently
8e26b0
  - JDK-8190332: PngReader throws NegativeArraySizeException/OOM error when IHDR width is very large
8e26b0
  - JDK-8190679: java/util/Arrays/TimSortStackSize2.java fails with "Initial heap size set to a larger value than the maximum heap size"
8e26b0
  - JDK-8191955: AArch64: incorrect prefetch distance causes an internal error
8e26b0
  - JDK-8196092: javax/swing/JComboBox/8032878/bug8032878.java fails
8e26b0
  - JDK-8199265: java/util/Arrays/TimSortStackSize2.java fails with OOM
8e26b0
  - JDK-8200550: Xcode 9.3 produce warning -Wexpansion-to-defined
8e26b0
  - JDK-8202299: Java Keystore fails to load PKCS12/PFX certificates created in WindowsServer2016
8e26b0
  - JDK-8203196: C1 emits incorrect code due to integer overflow in _tableswitch keys
8e26b0
  - JDK-8205014: com/sun/jndi/ldap/DeadSSLLdapTimeoutTest.java failed with "Read timed out"
8e26b0
  - JDK-8206243: java -XshowSettings fails if memory.limit_in_bytes overflows LONG.max
8e26b0
  - JDK-8206925: Support the certificate_authorities extension
8e26b0
  - JDK-8209996: [PPC64] Fix JFR profiling
8e26b0
  - JDK-8214345: infinite recursion while checking super class
8e26b0
  - JDK-8217230: assert(t == t_no_spec) failure in NodeHash::check_no_speculative_types()
8e26b0
  - JDK-8217348: assert(thread->is_Java_thread()) failed: just checking
8e26b0
  - JDK-8225081: Remove Telia Company CA certificate expiring in April 2021
8e26b0
  - JDK-8225116: Test OwnedWindowsLeak.java intermittently fails
8e26b0
  - JDK-8228757: Fail fast if the handshake type is unknown
8e26b0
  - JDK-8230428: Cleanup dead CastIP node code in formssel.cpp
8e26b0
  - JDK-8231631: sun/net/ftp/FtpURLConnectionLeak.java fails intermittently with NPE
8e26b0
  - JDK-8231841: AArch64: debug.cpp help() is missing an AArch64 line for pns
8e26b0
  - JDK-8231949: [PPC64, s390]: Make async profiling more reliable
8e26b0
  - JDK-8234011: (zipfs) Memory leak in ZipFileSystem.releaseDeflater()
8e26b0
  - JDK-8239053: [8u] clean up undefined-var-template warnings
8e26b0
  - JDK-8239400: [8u] clean up undefined-var-template warnings
8e26b0
  - JDK-8241649: Optimize Character.toString
8e26b0
  - JDK-8241829: Cleanup the code for PrinterJob on windows
8e26b0
  - JDK-8242565: Policy initialization issues when the denyAfter constraint is enabled
8e26b0
  - JDK-8243559: Remove root certificates with 1024-bit keys
8e26b0
  - JDK-8247350: [aarch64] assert(false) failed: wrong size of mach node
8e26b0
  - JDK-8249142: java/awt/FontClass/CreateFont/DeleteFont.sh is unstable
8e26b0
  - JDK-8249278: Revert JDK-8226253 which breaks the spec of AccessibleState.SHOWING for JList
8e26b0
  - JDK-8250876: Fix issues with cross-compile on macos
8e26b0
  - JDK-8252883: AccessDeniedException caused by delayed file deletion on Windows
8e26b0
  - JDK-8253375: OSX build fails with Xcode 12.0 (12A7209)
8e26b0
  - JDK-8254631: Better support ALPN byte wire values in SunJSSE
8e26b0
  - JDK-8255086: Update the root locale display names
8e26b0
  - JDK-8255734: VM should ignore SIGXFSZ on ppc64, s390 too
8e26b0
  - JDK-8256818: SSLSocket that is never bound or connected leaks socket resources
8e26b0
  - JDK-8257039: [8u] GenericTaskQueue destructor is incorrect
8e26b0
  - JDK-8257670: sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java reports leaks
8e26b0
  - JDK-8257884: Re-enable sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java as automatic test
8e26b0
  - JDK-8257997: sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java again reports leaks after JDK-8257884
8e26b0
  - JDK-8257999: Parallel GC crash in gc/parallel/TestDynShrinkHeap.java: new region is not in covered_region
8e26b0
  - JDK-8258419: RSA cipher buffer cleanup
8e26b0
  - JDK-8258669: fastdebug jvm crashes when do event based tracing for monitor inflation
8e26b0
  - JDK-8258753: StartTlsResponse.close() hangs due to synchronization issues
8e26b0
  - JDK-8259271: gc/parallel/TestDynShrinkHeap.java still fails "assert(covered_region.contains(new_memregion)) failed: new region is not in covered_region"
8e26b0
  - JDK-8259619: C1: 3-arg StubAssembler::call_RT stack-use condition is incorrect
8e26b0
  - JDK-8259886: Improve SSL session cache performance and scalability
8e26b0
  - JDK-8260029: aarch64: fix typo in verify_oop_array
8e26b0
  - JDK-8260236: better init AnnotationCollector _contended_group
8e26b0
  - JDK-8260255: C1: LoopInvariantCodeMotion constructor can leave some fields uninitialized
8e26b0
  - JDK-8260484: CheckExamples.java / NoJavaLangTest.java fail with jtreg 4.2
8e26b0
  - JDK-8260704: ParallelGC: oldgen expansion needs release-store for _end
8e26b0
  - JDK-8261355: No data buffering in SunPKCS11 Cipher encryption when the underlying mechanism has no padding
8e26b0
  - JDK-8261867: Backport relevant test changes & additions from JDK-8130125
8e26b0
  - JDK-8262110: DST starts from incorrect time in 2038
8e26b0
  - JDK-8262446: DragAndDrop hangs on Windows
8e26b0
  - JDK-8262726: AArch64: C1 StubAssembler::call_RT can corrupt stack
8e26b0
  - JDK-8262730: Enable jdk8u MacOS external debug symbols
8e26b0
  - JDK-8262864: No debug symbols in image for Windows --with-native-debug-symbols=external
8e26b0
  - JDK-8263061: copy wrong unpack200 debuginfo to bin directory after 8252395
8e26b0
  - JDK-8263504: Some OutputMachOpcodes fields are uninitialized
8e26b0
  - JDK-8263600: change rmidRunning to a simple lookup
8e26b0
  - JDK-8264509: jdk8u MacOS zipped debug symbols won't build
8e26b0
  - JDK-8264562: assert(verify_field_bit(1)) failed: Attempting to write an uninitialized event field: type
8e26b0
  - JDK-8264640: CMS ParScanClosure misses a barrier
8e26b0
  - JDK-8264816: Weak handles leak causes GC to take longer
8e26b0
  - JDK-8265462: Handle multiple slots in the NSS Internal Module from SunPKCS11's Secmod
8e26b0
  - JDK-8265666: Enable AIX build platform to make external debug symbols
8e26b0
  - JDK-8265832: runtime/StackGap/testme.sh fails to compile in 8u
8e26b0
  - JDK-8265988: Fix sun/text/IntHashtable/Bug4170614 for JDK 8u
8e26b0
  - JDK-8266191: Missing aarch64 parts of JDK-8181872 (C1: possible overflow when strength reducing integer multiply by constant)
8e26b0
  - JDK-8266723: JFR periodic events are causing extra allocations
8e26b0
  - JDK-8266929: Unable to use algorithms from 3p providers
8e26b0
  - JDK-8267235: [macos_aarch64] InterpreterRuntime::throw_pending_exception messing up LR results in crash
8e26b0
  - JDK-8267426: MonitorVmStartTerminate test timed out on Embedded VM
8e26b0
  - JDK-8267545: [8u] Enable Xcode 12 builds on macOS
8e26b0
  - JDK-8267689: [aarch64] Crash due to bad shift in indirect addressing mode
8e26b0
  - JDK-8268444: keytool -v -list print is incorrect after backport JDK-8141457
8e26b0
  - JDK-8269388: Default build of OpenJDK 8 fails on newer GCCs with warnings as errors on format-overflow
8e26b0
  - JDK-8269468: JDK-8269388 breaks the build on older GCCs
8e26b0
  - JDK-8270533: AArch64: size_fits_all_mem_uses should return false if its output is a CAS
8e26b0
* Shenandoah
8e26b0
  - [backport] JDK-8259580: Shenandoah: uninitialized label in VerifyThreadGCState
8e26b0
  - [backport] JDK-8259954: gc/shenandoah/mxbeans tests fail with -Xcomp
8e26b0
  - [backport] JDK-8261251: Shenandoah: Use object size for full GC humongous
8e26b0
  - [backport] JDK-8261413: Shenandoah: Disable class-unloading in I-U mode
8e26b0
  - [backport] JDK-8265239: Shenandoah: Shenandoah heap region count could be off by 1
8e26b0
  - [backport] JDK-8266802: Shenandoah: Round up region size to page size unconditionally
8e26b0
  - [backport] JDK-8267561: Shenandoah: Reference processing not properly setup for outside of cycle degenerated GC
8e26b0
  - [backport] JDK-8268127: Shenandoah: Heap size may be too small for region to align to large page size
8e26b0
  - [backport] JDK-8268699: Shenandoah: Add test for JDK-8268127
8e26b0
  - Shenandoah: Process weak roots during class unloading cycle
8e26b0
8e26b0
Notes on individual issues:
8e26b0
===========================
8e26b0
8e26b0
security-libs/java.security:
8e26b0
8e26b0
JDK-8256902: Removed Root Certificates with 1024-bit Keys
8e26b0
=========================================================
8e26b0
The following root certificates with weak 1024-bit RSA public keys
8e26b0
have been removed from the `cacerts` keystore:
8e26b0
8e26b0
Alias Name: thawtepremiumserverca [jdk]
8e26b0
Distinguished Name: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
8e26b0
8e26b0
Alias Name: verisignclass2g2ca [jdk]
8e26b0
Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
8e26b0
8e26b0
Alias Name: verisignclass3ca [jdk]
8e26b0
Distinguished Name: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
8e26b0
8e26b0
Alias Name: verisignclass3g2ca [jdk]
8e26b0
Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
8e26b0
8e26b0
Alias Name: verisigntsaca [jdk]
8e26b0
Distinguished Name: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA
8e26b0
8e26b0
JDK-8261361: Removed Telia Company's Sonera Class2 CA certificate
8e26b0
=================================================================
8e26b0
8e26b0
The following root certificate have been removed from the cacerts truststore:
8e26b0
8e26b0
Alias Name: soneraclass2ca
8e26b0
Distinguished Name: CN=Sonera Class2 CA, O=Sonera, C=FI
8e26b0
8e26b0
security-libs/javax.net.ssl:
8e26b0
8e26b0
JDK-8257548: Improve Encoding of TLS Application-Layer Protocol Negotiation (ALPN) Values
8e26b0
=========================================================================================
8e26b0
Certain TLS ALPN values couldn't be properly read or written by the
8e26b0
SunJSSE provider. This is due to the choice of Strings as the API
8e26b0
interface and the undocumented internal use of the UTF-8 Character Set
8e26b0
which converts characters larger than U+00007F (7-bit ASCII) into
8e26b0
multi-byte arrays that may not be expected by a peer.
8e26b0
8e26b0
ALPN values are now represented using the network byte representation
8e26b0
expected by the peer, which should require no modification for
8e26b0
standard 7-bit ASCII-based character Strings. However, SunJSSE now
8e26b0
encodes/decodes String characters as 8-bit ISO_8859_1/LATIN-1
8e26b0
characters.  This means applications that used characters above
8e26b0
U+000007F that were previously encoded using UTF-8 may need to either
8e26b0
be modified to perform the UTF-8 conversion, or set the Java security
8e26b0
property `jdk.tls.alpnCharset` to "UTF-8" revert the behavior.
8e26b0
8e26b0
See the updated guide at
8e26b0
https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/alpn.html
8e26b0
for more information.
8e26b0
8e26b0
JDK-8244460: Support for certificate_authorities Extension
8e26b0
==========================================================
8e26b0
The "certificate_authorities" extension is an optional extension
8e26b0
introduced in TLS 1.3. It is used to indicate the certificate
8e26b0
authorities (CAs) that an endpoint supports and should be used by the
8e26b0
receiving endpoint to guide certificate selection.
8e26b0
8e26b0
With this JDK release, the "certificate_authorities" extension is
8e26b0
supported for TLS 1.3 in both the client and the server sides.  This
8e26b0
extension is always present for client certificate selection, while it
8e26b0
is optional for server certificate selection.
8e26b0
8e26b0
Applications can enable this extension for server certificate
8e26b0
selection by setting the `jdk.tls.client.enableCAExtension` system
8e26b0
property to `true`.  The default value of the property is `false`.
8e26b0
8e26b0
Note that if the client trusts more CAs than the size limit of the
8e26b0
extension (less than 2^16 bytes), the extension is not enabled.  Also,
8e26b0
some server implementations do not allow handshake messages to exceed
8e26b0
2^14 bytes.  Consequently, there may be interoperability issues when
8e26b0
`jdk.tls.client.enableCAExtension` is set to `true` and the client
8e26b0
trusts more CAs than the server implementation limit.
8e26b0
2b8175
New in release OpenJDK 8u292 (2021-04-20):
2b8175
===========================================
2b8175
Live versions of these release notes can be found at:
2b8175
  * https://bitly.com/openjdk8u292
2b8175
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u292.txt
2b8175
2b8175
* Security fixes
2b8175
  - JDK-8227467: Better class method invocations
2b8175
  - JDK-8244473: Contextualize registration for JNDI
2b8175
  - JDK-8244543: Enhanced handling of abstract classes
2b8175
  - JDK-8249906, CVE-2021-2163: Enhance opening JARs
2b8175
  - JDK-8250568, CVE-2021-2161: Less ambiguous processing
2b8175
  - JDK-8253799: Make lists of normal filenames
2b8175
* Other changes
2b8175
  - JDK-6345095: regression test EmptyClipRenderingTest fails
2b8175
  - JDK-6896810: TEST_BUG: java/lang/ref/SoftReference/Pin.java fails with OOME during System.out.println
2b8175
  - JDK-6949753: [TEST BUG]: java/awt/print/PageFormat/PDialogTest.java needs update by removing a infinite loop
2b8175
  - JDK-7107012: sun.jvm.hotspot.code.CompressedReadStream readDouble() conversion to long mishandled
2b8175
  - JDK-7112454: TEST_BUG: java/awt/Choice/PopdownGeneratesMouseEvents/PopdownGeneratesMouseEvents.html failed
2b8175
  - JDK-7131835: [TEST_BUG] Test does not consider that the rounded edges of the window in Mac OS 10.7
2b8175
  - JDK-7185221: [macosx] Regtest should not throw exception if a suitable display mode found
2b8175
  - JDK-8031126: java/lang/management/ThreadMXBean/ThreadUserTime.java fails intermittently
2b8175
  - JDK-8035166: Remove dependency on EC classes from pkcs11 provider
2b8175
  - JDK-8035186: j2se_jdk/jdk/test/java/lang/invoke/lambda/LogGeneratedClassesTest.java - assertion error
2b8175
  - JDK-8038723: Openup some PrinterJob tests
2b8175
  - JDK-8041464: [TEST_BUG] CustomClassLoaderTransferTest does not support OS X
2b8175
  - JDK-8041561: Inconsistent opacity behaviour between JCheckBox and JRadioButton
2b8175
  - JDK-8061777: (zipfs) IllegalArgumentException in ZipCoder.toString when using Shitft_JIS
2b8175
  - JDK-8078024: javac, several incorporation steps are silently failing when an error should be reported
2b8175
  - JDK-8078450: Implement consistent process for quarantine of tests
2b8175
  - JDK-8078614: WindowsClassicLookAndFeel MetalComboBoxUI.getbaseLine fails with IllegalArgumentException
2b8175
  - JDK-8080953: [TEST_BUG]Test java/awt/FontClass/DebugFonts.java fails due to wrongly typed bugid
2b8175
  - JDK-8081547: Prepare client libs regression tests for running in a concurrent, headless jtreg environment
2b8175
  - JDK-8129626: G1: set_in_progress() and clear_started() needs a barrier on non-TSO platforms
2b8175
  - JDK-8141457: keytool default cert fingerprint algorithm should be SHA-256
2b8175
  - JDK-8145051: Wrong parameter name in synthetic lambda method leads to verifier error
2b8175
  - JDK-8150204: (fs) Enhance java/nio/file/Files/probeContentType/Basic.java debugging output
2b8175
  - JDK-8158525: Update a few java/net tests to use the loopback address instead of the host address
2b8175
  - JDK-8160217: JavaSound should clean up resources better
2b8175
  - JDK-8167281: IIOMetadataNode bugs in getElementsByTagName and NodeList.item methods
2b8175
  - JDK-8168996: C2 crash at postaloc.cpp:140 : assert(false) failed: unexpected yanked node
2b8175
  - JDK-8171410: aarch64: long multiplyExact shifts by 31 instead of 63
2b8175
  - JDK-8172404: Tools should warn if weak algorithms are used before restricting them
2b8175
  - JDK-8185934: keytool shows "Signature algorithm: SHA1withECDSA, -1-bit key"
2b8175
  - JDK-8191915: JCK tests produce incorrect results with C2
2b8175
  - JDK-8198334: java/awt/FileDialog/8003399/bug8003399.java fails in headless mode
2b8175
  - JDK-8202343: Disable TLS 1.0 and 1.1
2b8175
  - JDK-8209333: Socket reset issue for TLS 1.3 socket close
2b8175
  - JDK-8211301: [macos] support full window content options
2b8175
  - JDK-8211339: NPE during SSL handshake caused by HostnameChecker
2b8175
  - JDK-8216987: ciMethodData::load_data() unpacks MDOs with non-atomic copy
2b8175
  - JDK-8217338: [Containers] Improve systemd slice memory limit support
2b8175
  - JDK-8219991: New fix of the deadlock in sun.security.ssl.SSLSocketImpl
2b8175
  - JDK-8221408: Windows 32bit build build errors/warnings in hotspot
2b8175
  - JDK-8223186: HotSpot compile warnings from GCC 9
2b8175
  - JDK-8225435: Upgrade IANA Language Subtag Registry to the latest for JDK14
2b8175
  - JDK-8225805: Java Access Bridge does not close the logger
2b8175
  - JDK-8226899: Problemlist compiler/rtm tests
2b8175
  - JDK-8227642: [TESTBUG] Make docker tests podman compatible
2b8175
  - JDK-8228434: jdk/net/Sockets/Test.java fails after JDK-8227642
2b8175
  - JDK-8229284: jdk/internal/platform/cgroup/TestCgroupMetrics.java fails for - memory:getMemoryUsage
2b8175
  - JDK-8230388: Problemlist additional compiler/rtm tests
2b8175
  - JDK-8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR
2b8175
  - JDK-8234727: sun/security/ssl/X509TrustManagerImpl tests support TLSv1.3
2b8175
  - JDK-8234728: Some security tests should support TLSv1.3
2b8175
  - JDK-8235263: Revert TLS 1.3 change that wrapped IOExceptions
2b8175
  - JDK-8235311: Tag mismatch may alert bad_record_mac
2b8175
  - JDK-8235874: The ordering of Cipher Suites is not maintained provided through jdk.tls.client.cipherSuites and jdk.tls.server.cipherSuites system property.
2b8175
  - JDK-8236500: Windows ucrt.dll should be looked up in versioned WINSDK subdirectory
2b8175
  - JDK-8238579: HttpsURLConnection drops the timeout and hangs forever in read
2b8175
  - JDK-8239091: Reversed arguments in call to strstr in freetype "debug" code.
2b8175
  - JDK-8240353: AArch64: missing support for -XX:+ExtendedDTraceProbes in C1
2b8175
  - JDK-8240827: Downport SSLSocketImpl.java from "8221882: Use fiber-friendly java.util.concurrent.locks in JSSE"
2b8175
  - JDK-8242141: New System Properties to configure the TLS signature schemes
2b8175
  - JDK-8244621: [macos10.15] Garbled FX printing plus CoreText warnings on Catalina when building with Xcode 11
2b8175
  - JDK-8248336: AArch64: C2: offset overflow in BoxLockNode::emit
2b8175
  - JDK-8249183: JVM crash in "AwtFrame::WmSize" method
2b8175
  - JDK-8249251: [dark_mode ubuntu 20.04] The selected menu is not highlighted in GTKLookAndFeel
2b8175
  - JDK-8249588: libwindowsaccessbridge issues on 64bit Windows
2b8175
  - JDK-8250582: Revert Principal Name type to NT-UNKNOWN when requesting TGS Kerberos tickets
2b8175
  - JDK-8250984: Memory Docker tests fail on some Linux kernels w/o cgroupv1 swap limit capabilities
2b8175
  - JDK-8251397: NPE on ClassValue.ClassValueMap.cacheArray
2b8175
  - JDK-8252470: java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java fails on Windows
2b8175
  - JDK-8253368: TLS connection always receives close_notify exception
2b8175
  - JDK-8253476: TestUseContainerSupport.java fails on some Linux kernels w/o swap limit capabilities
2b8175
  - JDK-8253932: SSL debug log prints incorrect caller info
2b8175
  - JDK-8254854: [cgroups v1] Metric limits not properly detected on some join controller combinations
2b8175
  - JDK-8255880: UI of Swing components is not redrawn after their internal state changed
2b8175
  - JDK-8255908: ExceptionInInitializerError due to UncheckedIOException while initializing cgroupv1 subsystem
2b8175
  - JDK-8255937: Better cleanup for test/jdk/javax/imageio/stream/StreamFlush.java
2b8175
  - JDK-8256421: Add 2 HARICA roots to cacerts truststore
2b8175
  - JDK-8256642: [TEST_BUG] jdk/test/javax/sound/midi/MidiSystem/DefaultProperties.java failed
2b8175
  - JDK-8258079: Eliminate ParNew's use of klass_or_null()
2b8175
  - JDK-8256682: JDK-8202343 is incomplete
2b8175
  - JDK-8257746: Regression introduced with JDK-8250984 - memory might be null in some machines
2b8175
  - JDK-8258241: [8u] Missing doPrivileged() hunks from JDK-8226575
2b8175
  - JDK-8258247: Couple of issues in fix for JDK-8249906
2b8175
  - JDK-8258396: SIGILL in jdk.jfr.internal.PlatformRecorder.rotateDisk()
2b8175
  - JDK-8258430: 8u backport of JDK-8063107 missing test/javax/swing/JRadioButton/8041561/bug8041561.java changes
2b8175
  - JDK-8258833: Cancel multi-part cipher operations in SunPKCS11 after failures
2b8175
  - JDK-8258933: G1 needs klass_or_null_acquire
2b8175
  - JDK-8259048: (tz) Upgrade time-zone data to tzdata2020f
2b8175
  - JDK-8259312: VerifyCACerts.java fails as soneraclass2ca cert will
2b8175
  - JDK-8259384: CUP version wrong in THIRD_PARTY_README after JDK-8233548
2b8175
  - JDK-8259428: AlgorithmId.getEncodedParams() should return copy
2b8175
  - JDK-8259568: PPC64 builds broken after JDK-8221408 8u backport
2b8175
  - JDK-8260349: Cannot programmatically retrieve Metaspace max set via JAVA_TOOL_OPTIONS
2b8175
  - JDK-8260356: (tz) Upgrade time-zone data to tzdata2021a
2b8175
  - JDK-8260930: AARCH64: Invalid value passed to critical JNI function
2b8175
  - JDK-8261183: Follow on to Make lists of normal filenames
2b8175
  - JDK-8261231: Windows IME was disabled after DnD operation
2b8175
  - JDK-8261766: [8u] hotspot needs to recognise cl.exe 19.16 to build with VS2017
2b8175
  - JDK-8262073: assert(allocates2(pc)) failed: not in CodeBuffer memory
2b8175
  - JDK-8262075: sun/security/krb5/auto/UseCacheAndStoreKey.java timed out intermittently
2b8175
  - JDK-8263008: AARCH64: Add debug info for libsaproc.so
2b8175
  - JDK-8264171: Missing aarch64 parts of JDK-8236179 (C1 register allocation failure with T_ADDRESS)
2b8175
* Shenandoah
2b8175
  - Normalise whitespace in AArch64 sources prior to merge of upstreamed version in 8u292-b01.
2b8175
  - Revert differences against upstream 8u
2b8175
  - [backport] 8202976: Add C1 lea patching support for x86
2b8175
  - [backport] 8221507: Implement JFR Events for Shenandoah
2b8175
  - [backport] 8224573: Fix windows build after JDK-8221507
2b8175
  - [backport] 8228369: Shenandoah: Refactor LRB C1 stubs
2b8175
  - [backport] 8229474: Shenandoah: Cleanup CM::update_roots()
2b8175
  - [backport] 8229709: x86_32 build and test failures after JDK-8228369 (Shenandoah: Refactor LRB C1 stubs)
2b8175
  - [backport] 8231087: Shenandoah: Self-fixing load reference barriers for C1/C2
2b8175
  - [backport] 8232747: Shenandoah: Concurrent GC should deactivate SATB before processing weak roots
2b8175
  - [backport] 8232992: Shenandoah: Implement self-fixing interpreter LRB
2b8175
  - [backport] 8233021: Shenandoah: SBSC2::is_shenandoah_lrb_call should match all LRB shapes
2b8175
  - [backport] 8233165: Shenandoah:SBSA::gen_load_reference_barrier_stub() should use pointer register for address on aarch64
2b8175
  - [backport] 8233574: Shenandoah: build is broken without jfr
2b8175
  - [backport] 8237837: Shenandoah: assert(mem == __null) failed: only one safepoint
2b8175
  - [backport] 8238153: CTW: C2 (Shenandoah) compilation fails with "Unknown node in get_load_addr: CreateEx"
2b8175
  - [backport] 8238851: Shenandoah: C1: Resolve into registers of correct type
2b8175
  - [backport] 8240315: Shenandoah: Rename ShLBN::get_barrier_strength()
2b8175
  - [backport] 8240751: Shenandoah: fold ShenandoahTracer definition
2b8175
  - [backport] 8241765: Shenandoah: AARCH64 need to save/restore call clobbered registers before calling keepalive barrier
2b8175
  - [backport] 8244510: Shenandoah: invert SHC2Support::is_in_cset condition
2b8175
  - [backport] 8244663: Shenandoah: C2 assertion fails in Matcher::collect_null_checks
2b8175
  - [backport] 8244721: CTW: C2 (Shenandoah) compilation fails with "unexpected infinite loop graph shape"
2b8175
  - [backport] 8251451: Shenandoah: Remark ObjectSynchronizer roots with I-U
2b8175
  - [backport] 8252660: Shenandoah: support manageable SoftMaxHeapSize option
2b8175
  - [backport] 8253224: Shenandoah: ShenandoahStrDedupQueue destructor calls virtual num_queues()
2b8175
  - [backport] 8253778: ShenandoahSafepoint::is_at_shenandoah_safepoint should not access VMThread state from other threads
2b8175
  - [backport] 8255457: Shenandoah: cleanup ShenandoahMarkTask
2b8175
  - [backport] 8255760: Shenandoah: match constants style in ShenandoahMarkTask fallback
2b8175
  - [backport] 8256806: Shenandoah: optimize shenandoah/jni/TestPinnedGarbage.java test
2b8175
  - [backport] 8257641: Shenandoah: Query is_at_shenandoah_safepoint() from control thread should return false
2b8175
  - Fix register allocation for thread register is 32bit LRB
2b8175
  - Fix Shenandoah bindings in ADLC formssel
2b8175
  - Shenandoah: Backed out weak roots cleaning during full gc
2b8175
2b8175
Notes on individual issues:
2b8175
===========================
2b8175
2b8175
security-libs/java.security:
2b8175
2b8175
JDK-8260597: Added 2 HARICA Root CA Certificates
2b8175
================================================
2b8175
2b8175
The following root certificates have been added to the cacerts truststore:
2b8175
2b8175
Alias Name: haricarootca2015
2b8175
Distinguished Name: CN=Hellenic Academic and Research Institutions RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR
2b8175
2b8175
Alias Name: haricaeccrootca2015
2b8175
Distinguished Name: CN=Hellenic Academic and Research Institutions ECC RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR
2b8175
2b8175
JDK-8236730: Weak Named Curves in TLS, CertPath, and Signed JAR Disabled by Default
2b8175
===================================================================================
2b8175
Weak named curves are disabled by default by adding them to the
2b8175
following `disabledAlgorithms` security properties:
2b8175
2b8175
* jdk.tls.disabledAlgorithms
2b8175
* jdk.certpath.disabledAlgorithms
2b8175
* jdk.jar.disabledAlgorithms
2b8175
2b8175
Red Hat has always disabled many of the curves provided by upstream,
2b8175
so the only addition in this release is:
2b8175
2b8175
* secp256k1
2b8175
2b8175
The curves that remain enabled are:
2b8175
2b8175
* secp256r1
2b8175
* secp384r1
2b8175
* secp521r1
2b8175
* X25519
2b8175
* X448
2b8175
2b8175
When large numbers of weak named curves need to be disabled, adding
2b8175
individual named curves to each `disabledAlgorithms` property would be
2b8175
overwhelming. To relieve this, a new security property,
2b8175
`jdk.disabled.namedCurves`, is implemented that can list the named
2b8175
curves common to all of the `disabledAlgorithms` properties. To use
2b8175
the new property in the `disabledAlgorithms` properties, precede the
2b8175
full property name with the keyword `include`.  Users can still add
2b8175
individual named curves to `disabledAlgorithms` properties separate
2b8175
from this new property.  No other properties can be included in the
2b8175
`disabledAlgorithms` properties.
2b8175
2b8175
To restore the named curves, remove the `include
2b8175
jdk.disabled.namedCurves` either from specific or from all
2b8175
`disabledAlgorithms` security properties. To restore one or more
2b8175
curves, remove the specific named curve(s) from the
2b8175
`jdk.disabled.namedCurves` property.
2b8175
2b8175
JDK-8244286: Tools Warn If Weak Algorithms Are Used
2b8175
===================================================
2b8175
The `keytool` and `jarsigner` tools have been updated to warn users
2b8175
when weak cryptographic algorithms are used in keys, certificates, and
2b8175
signed JARs before they are disabled. The weak algorithms are set in
2b8175
the `jdk.security.legacyAlgorithms` security property in the
2b8175
`java.security` configuration file. In this release, the tools issue
2b8175
warnings for the SHA-1 hash algorithm and 1024-bit RSA/DSA keys.
2b8175
2b8175
security-libs/javax.net.ssl:
2b8175
2b8175
JDK-8256490: Disable TLS 1.0 and 1.1
2b8175
====================================
2b8175
TLS 1.0 and 1.1 are versions of the TLS protocol that are no longer
2b8175
considered secure and have been superseded by more secure and modern
2b8175
versions (TLS 1.2 and 1.3).
2b8175
2b8175
These versions have now been disabled by default. If you encounter
2b8175
issues, you can, at your own risk, re-enable the versions by removing
2b8175
"TLSv1" and/or "TLSv1.1" from the `jdk.tls.disabledAlgorithms`
2b8175
security property in the `java.security` configuration file.
2b8175
2b8175
JDK-8242147: New System Properties to Configure the TLS Signature Schemes
2b8175
=========================================================================
2b8175
Two new system properties have been added to customize the TLS
2b8175
signature schemes in JDK. `jdk.tls.client.SignatureSchemes` has been
2b8175
added for the TLS client side, and `jdk.tls.server.SignatureSchemes`
2b8175
has been added for the server side.
2b8175
2b8175
Each system property contains a comma-separated list of supported
2b8175
signature scheme names specifying the signature schemes that could be
2b8175
used for the TLS connections.
2b8175
2b8175
The names are described in the "Signature Schemes" section of the
2b8175
*Java Security Standard Algorithm Names Specification*.
2b8175
2b8175
tools/javac:
2b8175
2b8175
JDK-8177368: Several incorporation steps are silently failing when an error should be reported
2b8175
==============================================================================================
2b8175
Reporting previously silent errors found during incorporation, JLS
2b8175
8ยง18.3, was supposed to be a clean-up with performance only
2b8175
implications. But consider the test case:
2b8175
2b8175
import java.util.Arrays;
2b8175
import java.util.List;
2b8175
2b8175
class Klass {
2b8175
  public static  List<List<A>> foo(List... lists) {
2b8175
    return foo(Arrays.asList(lists));
2b8175
    }
2b8175
2b8175
  public static  List<List<B>> foo(List> lists) {
2b8175
    return null;
2b8175
  }
2b8175
}
2b8175
2b8175
This code was not accepted before the patch for [1], but after this
2b8175
patch the compiler is accepting it. Accepting this code is the right
2b8175
behavior as not reporting incorporation errors was a bug in the
2b8175
compiler.  While determining the applicability of method: 
2b8175
List<List<B>> foo(List> lists) for which
2b8175
we have the constraints: b <: Object t <: List t<:Object
2b8175
List <: t first, inference variable b is selected for
2b8175
instantiation: b = CAP1 of ? extends A so this implies that: t <:
2b8175
List t<: Object List <: t
2b8175
2b8175
Now all the bounds are checked for consistency. While checking if
2b8175
List is a subtype of List
2b8175
a bound error is reported. Before the compiler was just swallowing
2b8175
it. As now the error is reported while inference variable b is being
2b8175
instantiated, the bound set is rolled back to it's initial state, 'b'
2b8175
is instantiated to Object, and with this instantiation the constraint
2b8175
set is solvable, the method is applicable, it's the only applicable
2b8175
one and the code is accepted as correct. The compiler behavior in this
2b8175
case is defined at JLS 8 ยง18.4
2b8175
2b8175
This fix has source compatibility impact, right now code that wasn't
2b8175
being accepted is now being accepted by the javac compiler. Currently
2b8175
there are no reports of any other kind of incompatibility.
2b8175
2b8175
[1] https://bugs.openjdk.java.net/browse/JDK-8078024
2b8175
5d19fd
New in release OpenJDK 8u282 (2021-01-19):
5d19fd
===========================================
5d19fd
Live versions of these release notes can be found at:
5d19fd
  * https://bitly.com/openjdk8u282
5d19fd
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u282.txt
5d19fd
5d19fd
* Security fixes
5d19fd
  - JDK-8247619: Improve Direct Buffering of Characters
5d19fd
* Other changes
5d19fd
  - JDK-6962725: Regtest javax/swing/JFileChooser/6738668/bug6738668.java fails under Linux
5d19fd
  - JDK-8008657: JSpinner setComponentOrientation doesn't affect on text orientation
5d19fd
  - JDK-8022535: [TEST BUG] javax/swing/text/html/parser/Test8017492.java fails
5d19fd
  - JDK-8025936: Windows .pdb and .map files does not have proper dependencies setup
5d19fd
  - JDK-8030350: Enable additional compiler warnings for GCC
5d19fd
  - JDK-8031423: Test java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java fails by Timeout on Windows
5d19fd
  - JDK-8036122: Fix warning 'format not a string literal'
5d19fd
  - JDK-8039279: Move awt tests to openjdk repository
5d19fd
  - JDK-8041592: [TEST_BUG] Move 42 AWT hw/lw mixing tests to jdk
5d19fd
  - JDK-8043126: move awt automated functional tests from AWT_Events/Lw and AWT_Events/AWT to OpenJDK repository
5d19fd
  - JDK-8043131: Move ShapedAndTranslucentWindows and GC functional AWT tests to regression tree
5d19fd
  - JDK-8043899: compiler/5091921/Test7005594.java fails if specified -Xmx is less than 1600m
5d19fd
  - JDK-8044157: [TEST_BUG] Improve recently submitted AWT_Mixing tests
5d19fd
  - JDK-8044172: [TEST_BUG] Move regtests for 4523758 and AltPlusNumberKeyCombinationsTest to jdk
5d19fd
  - JDK-8044429: move awt automated tests for AWT_Modality to OpenJDK repository
5d19fd
  - JDK-8044765: Move functional tests AWT_SystemTray/Automated to openjdk repository
5d19fd
  - JDK-8046221: [TEST_BUG] Cleanup datatransfer tests
5d19fd
  - JDK-8047180: Move functional tests AWT_Headless/Automated to OpenJDK repository
5d19fd
  - JDK-8047367: move awt automated tests from AWT_Modality to OpenJDK repository - part 2
5d19fd
  - JDK-8048246: Move AWT_DnD/Clipboard/Automated functional tests to OpenJDK
5d19fd
  - JDK-8049617: move awt automated tests from AWT_Modality to OpenJDK repository - part 3
5d19fd
  - JDK-8049694: Migrate functional AWT_DesktopProperties/Automated tests to OpenJDK
5d19fd
  - JDK-8050885: move awt automated tests from AWT_Modality to OpenJDK repository - part 4
5d19fd
  - JDK-8051440: move tests about maximizing undecorated to OpenJDK
5d19fd
  - JDK-8051853: new URI("x/").resolve("..").getSchemeSpecificPart() returns null!
5d19fd
  - JDK-8052012: move awt automated tests from AWT_Modality to OpenJDK repository - part 5
5d19fd
  - JDK-8052408: Move AWT_BAT functional tests to OpenJDK (3 of 3)
5d19fd
  - JDK-8053657: [TEST_BUG] move some 5 tests related to undecorated Frame/JFrame to JDK
5d19fd
  - JDK-8054143: move awt automated tests from AWT_Modality to OpenJDK repository - part 6
5d19fd
  - JDK-8054358: move awt automated tests from AWT_Modality to OpenJDK repository - part 7
5d19fd
  - JDK-8054359: move awt automated tests from AWT_Modality to OpenJDK repository - part 8
5d19fd
  - JDK-8055360: Move the rest part of AWT ShapedAndTranslucent tests to OpenJDK
5d19fd
  - JDK-8055664: move 14 tests about setLocationRelativeTo to jdk
5d19fd
  - JDK-8055836: move awt tests from AWT_Modality to OpenJDK repository - part 9
5d19fd
  - JDK-8057694: move awt tests from AWT_Modality to OpenJDK repository - part 10
5d19fd
  - JDK-8058805: [TEST_BUG]Test java/awt/TrayIcon/SecurityCheck/NoPermissionTest/NoPermissionTest.java fails
5d19fd
  - JDK-8062808: Turn on the -Wreturn-type warning
5d19fd
  - JDK-8063102: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 1
5d19fd
  - JDK-8063104: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 2
5d19fd
  - JDK-8063106: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 1
5d19fd
  - JDK-8063107: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 2
5d19fd
  - JDK-8064573: [TEST_BUG] javax/swing/text/AbstractDocument/6968363/Test6968363.java is asocial pressing VK_LEFT and not releasing
5d19fd
  - JDK-8064575: [TEST_BUG] javax/swing/JEditorPane/6917744/bug6917744.java 100 times press keys and never releases
5d19fd
  - JDK-8064809: [TEST_BUG] javax/swing/JComboBox/4199622/bug4199622.java contains a lot of keyPress and not a single keyRelease
5d19fd
  - JDK-8067441: Some tests fails with error: cannot find symbol getSystemMnemonicKeyCodes()
5d19fd
  - JDK-8068228: Test closed/java/awt/Mouse/MaximizedFrameTest/MaximizedFrameTest fails with GTKLookAndFeel
5d19fd
  - JDK-8068275: Some tests failed after JDK-8063104
5d19fd
  - JDK-8069211: (zipfs) ZipFileSystem creates corrupted zip if entry output stream gets closed more than once
5d19fd
  - JDK-8074807: Fix some tests unnecessary using internal API
5d19fd
  - JDK-8076315: move 4 manual functional swing tests to regression suite
5d19fd
  - JDK-8130772: Util.hitMnemonics does not work: getSystemMnemonicKeyCodes() returns ALT_MASK rather than VK_ALT
5d19fd
  - JDK-8132664: closed/javax/swing/DataTransfer/DefaultNoDrop/DefaultNoDrop.java locks on Windows
5d19fd
  - JDK-8134632: Mark javax/sound/midi/Devices/InitializationHang.java as headful
5d19fd
  - JDK-8148854: Class names "SomeClass" and "LSomeClass;" treated by JVM as an equivalent
5d19fd
  - JDK-8148916: Mark bug6400879.java as intermittently failing
5d19fd
  - JDK-8148983: Fix extra comma in changes for JDK-8148916
5d19fd
  - JDK-8152545: Use preprocessor instead of compiling a program to generate native nio constants
5d19fd
  - JDK-8156803: Turn StressLCM/StressGCM flags to diagnostic
5d19fd
  - JDK-8160438: javax/swing/plaf/nimbus/8057791/bug8057791.java fails
5d19fd
  - JDK-8160761: [TESTBUG] Several compiler tests fail with product bits
5d19fd
  - JDK-8163161: [PIT][TEST_BUG] increase timeout in javax/swing/plaf/nimbus/8057791/bug8057791.java
5d19fd
  - JDK-8165808: Add release barriers when allocating objects with concurrent collection
5d19fd
  - JDK-8166015: [PIT][TEST_BUG] stray character in java/awt/Focus/ModalDialogActivationTest/ModalDialogActivationTest.java
5d19fd
  - JDK-8166583: Add oopDesc::klass_or_null_acquire()
5d19fd
  - JDK-8166663: Simplify oops_on_card_seq_iterate_careful
5d19fd
  - JDK-8166862: CMS needs klass_or_null_acquire
5d19fd
  - JDK-8168292: [TESTBUG] [macosx] Test java/awt/TrayIcon/DragEventSource/DragEventSource.java fails on OS X
5d19fd
  - JDK-8168682: jdk/test/java/lang/ClassLoader/forNameLeak/ClassForNameLeak.java fails with -Xcomp
5d19fd
  - JDK-8179083: Uninitialized notifier in Java Monitor Wait tracing event
5d19fd
  - JDK-8185003: JMX: Add a version of ThreadMXBean.dumpAllThreads with a maxDepth argument
5d19fd
  - JDK-8197981: Missing return statement in __sync_val_compare_and_swap_8
5d19fd
  - JDK-8202076: test/jdk/java/io/File/WinSpecialFiles.java on windows with VS2017
5d19fd
  - JDK-8205507: jdk/javax/xml/crypto/dsig/GenerationTests.java timed out
5d19fd
  - JDK-8207766: [testbug] Adapt tests for Aix.
5d19fd
  - JDK-8212070: Introduce diagnostic flag to abort VM on failed JIT compilation
5d19fd
  - JDK-8213448: [TESTBUG] enhance jfr/jvm/TestDumpOnCrash
5d19fd
  - JDK-8215727: Restore JFR thread sampler loop to old / previous behavior
5d19fd
  - JDK-8217362: Emergency dump does not work when disk=false is set
5d19fd
  - JDK-8217766: Container Support doesn't work for some Join Controllers combinations
5d19fd
  - JDK-8219013: Update Apache Santuario (XML Signature) to version 2.1.3
5d19fd
  - JDK-8219562: Line of code in osContainer_linux.cpp L102 appears unreachable
5d19fd
  - JDK-8220579: [Containers] SubSystem.java out of sync with osContainer_linux.cpp
5d19fd
  - JDK-8220657: JFR.dump does not work when filename is set
5d19fd
  - JDK-8221340: [TESTBUG] TestCgroupMetrics.java fails after fix for JDK-8219562
5d19fd
  - JDK-8221342: [TESTBUG] Generate Dockerfile for docker testing
5d19fd
  - JDK-8221710: [TESTBUG] more configurable parameters for docker testing
5d19fd
  - JDK-8223108: Test java/awt/EventQueue/NonComponentSourcePost.java is unstable
5d19fd
  - JDK-8224502: [TESTBUG] JDK docker test TestSystemMetrics.java fails with access issues and OOM
5d19fd
  - JDK-8225072: Add LuxTrust certificate that is expiring in March 2021 to list of allowed but expired certs
5d19fd
  - JDK-8227006: [linux] Runtime.availableProcessors execution time increased by factor of 100
5d19fd
  - JDK-8229868: Update Apache Santuario TPRM version
5d19fd
  - JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes() can be quicker for self thread
5d19fd
  - JDK-8231968: getCurrentThreadAllocatedBytes default implementation s/b getThreadAllocatedBytes
5d19fd
  - JDK-8232114: JVM crashed at imjpapi.dll in native code
5d19fd
  - JDK-8233548: Update CUP to v0.11b
5d19fd
  - JDK-8234270: [REDO] JDK-8204128 NMT might report incorrect numbers for Compiler area
5d19fd
  - JDK-8234339: replace JLI_StrTok in java_md_solinux.c
5d19fd
  - JDK-8238448: RSASSA-PSS signature verification fail when using certain odd key sizes
5d19fd
  - JDK-8239105: Add exception for expiring Digicert root certificates to VerifyCACerts test
5d19fd
  - JDK-8242335: Additional Tests for RSASSA-PSS
5d19fd
  - JDK-8242480: Negative value may be returned by getFreeSwapSpaceSize() in the docker
5d19fd
  - JDK-8244225: stringop-overflow warning on strncpy call from compile_the_world_in
5d19fd
  - JDK-8245400: Upgrade to LittleCMS 2.11
5d19fd
  - JDK-8246648: issue with OperatingSystemImpl getFreeSwapSpaceSize in docker after 8242480
5d19fd
  - JDK-8248214: Add paddings for TaskQueueSuper to reduce false-sharing cache contention
5d19fd
  - JDK-8249176: Update GlobalSignR6CA test certificates
5d19fd
  - JDK-8249846: Change of behavior after JDK-8237117: Better ForkJoinPool behavior
5d19fd
  - JDK-8250636: iso8601_time returns incorrect offset part on MacOS
5d19fd
  - JDK-8250665: Wrong translation for the month name of May in ar_JO,LB,SY
5d19fd
  - JDK-8250928: JFR: Improve hash algorithm for stack traces
5d19fd
  - JDK-8251365: Build failure on AIX after 8250636
5d19fd
  - JDK-8251469: Better cleanup for test/jdk/javax/imageio/SetOutput.java
5d19fd
  - JDK-8251840: Java_sun_awt_X11_XToolkit_getDefaultScreenData should not be in make/mapfiles/libawt_xawt/mapfile-vers
5d19fd
  - JDK-8252384: [TESTBUG] Some tests refer to COMPAT provider rather than JRE
5d19fd
  - JDK-8252395: [8u] --with-native-debug-symbols=external doesn't include debuginfo files for binaries
5d19fd
  - JDK-8252497: Incorrect numeric currency code for ROL
5d19fd
  - JDK-8252754: Hash code calculation of JfrStackTrace is inconsistent
5d19fd
  - JDK-8252904: VM crashes when JFR is used and JFR event class is transformed
5d19fd
  - JDK-8252975: [8u] JDK-8252395 breaks the build for --with-native-debug-symbols=internal
5d19fd
  - JDK-8253036: Support building the Zero assembler port on AArch64
5d19fd
  - JDK-8253284: Zero OrderAccess barrier mappings are incorrect
5d19fd
  - JDK-8253550: [8u] JDK-8252395 breaks the build for make STRIP_POLICY=no_strip
5d19fd
  - JDK-8253752: test/sun/management/jmxremote/bootstrap/RmiBootstrapTest.java fails randomly
5d19fd
  - JDK-8253837: JFR 8u fix symbol and cstring hashtable equals implementaion
5d19fd
  - JDK-8254081: java/security/cert/PolicyNode/GetPolicyQualifiers.java fails due to an expired certificate
5d19fd
  - JDK-8254144: Non-x86 Zero builds fail with return-type warning in os_linux_zero.cpp
5d19fd
  - JDK-8254166: Zero: return-type warning in zeroInterpreter_zero.cpp
5d19fd
  - JDK-8254683: [TEST_BUG] jdk/test/sun/tools/jconsole/WorkerDeadlockTest.java fails
5d19fd
  - JDK-8254982: (tz) Upgrade time-zone data to tzdata2020c
5d19fd
  - JDK-8255003: Build failures on Solaris
5d19fd
  - JDK-8255226: (tz) Upgrade time-zone data to tzdata2020d
5d19fd
  - JDK-8255269: Unsigned overflow in g1Policy.cpp
5d19fd
  - JDK-8255603: Memory/Performance regression after JDK-8210985
5d19fd
  - JDK-8255717: Fix JFR crash in WriteObjectSampleStacktrace due to object not initialized
5d19fd
  - JDK-8256618: Zero: Linux x86_32 build still fails
5d19fd
  - JDK-8256671: Incorrect assignment operator used in guarantee() in genCollectedHeap
5d19fd
  - JDK-8256752: 8252395 incorrect copy rule for macos .dSYM folder
5d19fd
  - JDK-8257397: [TESTBUG] test/lib/containers/docker/Common.java refers to -Xlog:os+container=trace
5d19fd
  - JDK-8258630: Add expiry exception for QuoVadis root certificate
5d19fd
* AArch64 port
5d19fd
  - Fix AArch64 build failure after JDK-8062808 backport
5d19fd
* Shenandoah
5d19fd
  - Fix racy update of code roots
5d19fd
5d19fd
Notes on individual issues:
5d19fd
===========================
5d19fd
5d19fd
security-libs/javax.xml.crypto:
5d19fd
5d19fd
JDK-8230839: Updated XML Signature Implementation to Apache Santuario 2.1.3
5d19fd
===========================================================================
5d19fd
The XML Signature implementation in the `java.xml.crypto` module has
5d19fd
been updated to version 2.1.3 of Apache Santuario. New features
5d19fd
include:
5d19fd
5d19fd
* Added support for embedding elliptic curve public keys in the
5d19fd
  KeyValue element
5d19fd
7687d9
New in release OpenJDK 8u275 (2020-11-05):
7687d9
===========================================
7687d9
Live versions of these release notes can be found at:
7687d9
  * https://bitly.com/openjdk8u275
7687d9
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u275.txt
7687d9
7687d9
* Regression fixes
7687d9
  - JDK-8214440: ldap over a TLS connection negotiate failed with "javax.net.ssl.SSLPeerUnverifiedException: hostname of the server '' does not match the hostname in the server's certificate"
7687d9
  - JDK-8223940: Private key not supported by chosen signature algorithm
7687d9
  - JDK-8236512: PKCS11 Connection closed after Cipher.doFinal and NoPadding
7687d9
  - JDK-8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)
7687d9
fad0a1
New in release OpenJDK 8u272 (2020-10-20):
fad0a1
===========================================
fad0a1
Live versions of these release notes can be found at:
fad0a1
  * https://bitly.com/openjdk8u272
fad0a1
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u272.txt
fad0a1
fad0a1
* New features
fad0a1
  - JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7
fad0a1
* Security fixes
fad0a1
  - JDK-8233624: Enhance JNI linkage
fad0a1
  - JDK-8236196: Improve string pooling
fad0a1
  - JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
fad0a1
  - JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts
fad0a1
  - JDK-8237995, CVE-2020-14782: Enhance certificate processing
fad0a1
  - JDK-8240124: Better VM Interning
fad0a1
  - JDK-8241114, CVE-2020-14792: Better range handling
fad0a1
  - JDK-8242680, CVE-2020-14796: Improved URI Support
fad0a1
  - JDK-8242685, CVE-2020-14797: Better Path Validation
fad0a1
  - JDK-8242695, CVE-2020-14798: Enhanced buffer support
fad0a1
  - JDK-8243302: Advanced class supports
fad0a1
  - JDK-8244136, CVE-2020-14803: Improved Buffer supports
fad0a1
  - JDK-8244479: Further constrain certificates
fad0a1
  - JDK-8244955: Additional Fix for JDK-8240124
fad0a1
  - JDK-8245407: Enhance zoning of times
fad0a1
  - JDK-8245412: Better class definitions
fad0a1
  - JDK-8245417: Improve certificate chain handling
fad0a1
  - JDK-8248574: Improve jpeg processing
fad0a1
  - JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit
fad0a1
  - JDK-8253019: Enhanced JPEG decoding
fad0a1
* Other changes
fad0a1
  - JDK-6574989: TEST_BUG: javax/sound/sampled/Clip/bug5070081.java fails sometimes
fad0a1
  - JDK-8006205: [TESTBUG] NEED_TEST: please JTREGIFY test/compiler/7177917/Test7177917.java
fad0a1
  - JDK-8023697: failed class resolution reports different class name in detail message for the first and subsequent times
fad0a1
  - JDK-8025886: replace [[ and == bash extensions in regtest
fad0a1
  - JDK-8026236: Add PrimeTest for BigInteger
fad0a1
  - JDK-8031625: javadoc problems referencing inner class constructors
fad0a1
  - JDK-8035493: JVMTI PopFrame capability must instruct compilers not to prune locals
fad0a1
  - JDK-8036088: Replace strtok() with its safe equivalent strtok_s() in DefaultProxySelector.c
fad0a1
  - JDK-8039082: [TEST_BUG] Test java/awt/dnd/BadSerializationTest/BadSerializationTest.java fails
fad0a1
  - JDK-8046274: Removing dependency on jakarta-regexp
fad0a1
  - JDK-8048933: -XX:+TraceExceptions output should include the message
fad0a1
  - JDK-8057003: Large reference arrays cause extremely long synchronization times
fad0a1
  - JDK-8060721: Test runtime/SharedArchiveFile/LimitSharedSizes.java fails in jdk 9 fcs new platforms/compiler
fad0a1
  - JDK-8061616: HotspotDiagnosticMXBean.getVMOption() throws IllegalArgumentException for flags of type double
fad0a1
  - JDK-8062947: Fix exception message to correctly represent LDAP connection failure
fad0a1
  - JDK-8064319: Need to enable -XX:+TraceExceptions in release builds
fad0a1
  - JDK-8075774: Small readability and performance improvements for zipfs
fad0a1
  - JDK-8076151: [TESTBUG] Test java/awt/FontClass/CreateFont/fileaccess/FontFile.java fails
fad0a1
  - JDK-8078334: Mark regression tests using randomness
fad0a1
  - JDK-8078880: Mark a few more intermittently failuring security-libs
fad0a1
  - JDK-8080462: Update SunPKCS11 provider with PKCS11 v2.40 support
fad0a1
  - JDK-8132206: move ScanTest.java into OpenJDK
fad0a1
  - JDK-8132376: Add @requires os.family to the client tests with access to internal OS-specific API
fad0a1
  - JDK-8132745: minor cleanup of java/util/Scanner/ScanTest.java
fad0a1
  - JDK-8137087: [TEST_BUG] Cygwin failure of java/awt/appletviewer/IOExceptionIfEncodedURLTest/IOExceptionIfEncodedURLTest.sh
fad0a1
  - JDK-8144539: Update PKCS11 tests to run with security manager
fad0a1
  - JDK-8145808: java/awt/Graphics2D/MTGraphicsAccessTest/MTGraphicsAccessTest.java hangs on Win. 8
fad0a1
  - JDK-8148754: C2 loop unrolling fails due to unexpected graph shape
fad0a1
  - JDK-8148854: Class names "SomeClass" and "LSomeClass;" treated by JVM as an equivalent
fad0a1
  - JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect
fad0a1
  - JDK-8151788: NullPointerException from ntlm.Client.type3
fad0a1
  - JDK-8151834: Test SmallPrimeExponentP.java times out intermittently
fad0a1
  - JDK-8152077: (cal) Calendar.roll does not always roll the hours during daylight savings
fad0a1
  - JDK-8153430: jdk regression test MletParserLocaleTest, ParserInfiniteLoopTest reduce default timeout
fad0a1
  - JDK-8153583: Make OutputAnalyzer.reportDiagnosticSummary public
fad0a1
  - JDK-8154313: Generated javadoc scattered all over the place
fad0a1
  - JDK-8156169: Some sound tests rarely hangs because of incorrect synchronization
fad0a1
  - JDK-8160768: Add capability to custom resolve host/domain names within the default JNDI LDAP provider
fad0a1
  - JDK-8161973: PKIXRevocationChecker.getSoftFailExceptions() not working
fad0a1
  - JDK-8163251: Hard coded loop limit prevents reading of smart card data greater than 8k
fad0a1
  - JDK-8165936: Potential Heap buffer overflow when seaching timezone info files
fad0a1
  - JDK-8165996: PKCS11 using NSS throws an error regarding secmod.db when NSS uses sqlite
fad0a1
  - JDK-8166148: Fix for JDK-8165936 broke solaris builds
fad0a1
  - JDK-8167300: Scheduling failures during gcm should be fatal
fad0a1
  - JDK-8167615: Opensource unit/regression tests for JavaSound
fad0a1
  - JDK-8168517: java/lang/ProcessBuilder/Basic.java failed
fad0a1
  - JDK-8169925: PKCS #11 Cryptographic Token Interface license
fad0a1
  - JDK-8172012: [TEST_BUG] delays needed in javax/swing/JTree/4633594/bug4633594.java
fad0a1
  - JDK-8173300: [TESTBUG]compiler/tiered/NonTieredLevelsTest.java fails with compiler.whitebox.SimpleTestCaseHelper(int) must be compiled
fad0a1
  - JDK-8177334: Update xmldsig implementation to Apache Santuario 2.1.1
fad0a1
  - JDK-8177628: Opensource unit/regression tests for ImageIO
fad0a1
  - JDK-8183341: Better cleanup for javax/imageio/AllowSearch.java
fad0a1
  - JDK-8183349: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java and WriteAfterAbort.java
fad0a1
  - JDK-8183351: Better cleanup for jdk/test/javax/imageio/spi/AppletContextTest/BadPluginConfigurationTest.sh
fad0a1
  - JDK-8184762: ZapStackSegments should use optimized memset
fad0a1
  - JDK-8191678: [TESTBUG] Add keyword headful in java/awt FocusTransitionTest test.
fad0a1
  - JDK-8192953: sun/management/jmxremote/bootstrap/*.sh tests fail with error : revokeall.exe: Permission denied
fad0a1
  - JDK-8193137: Nashorn crashes when given an empty script file
fad0a1
  - JDK-8193234: When using -Xcheck:jni an internally allocated buffer can leak
fad0a1
  - JDK-8194298: Add support for per Socket configuration of TCP keepalive
fad0a1
  - JDK-8198004: javax/swing/JFileChooser/6868611/bug6868611.java throws error
fad0a1
  - JDK-8200313: java/awt/Gtk/GtkVersionTest/GtkVersionTest.java fails
fad0a1
  - JDK-8201633: Problems with AES-GCM native acceleration
fad0a1
  - JDK-8203357: Container Metrics
fad0a1
  - JDK-8209113: Use WeakReference for lastFontStrike for created Fonts
fad0a1
  - JDK-8210147: adjust some WSAGetLastError usages in windows network coding
fad0a1
  - JDK-8211049: Second parameter of "initialize" method is not used
fad0a1
  - JDK-8211163: UNIX version of Java_java_io_Console_echo does not return a clean boolean
fad0a1
  - JDK-8211714: Need to update vm_version.cpp to recognise VS2017 minor versions
fad0a1
  - JDK-8214862: assert(proj != __null) at compile.cpp:3251
fad0a1
  - JDK-8216283: Allow shorter method sampling interval than 10 ms
fad0a1
  - JDK-8217606: LdapContext#reconnect always opens a new connection
fad0a1
  - JDK-8217647: JFR: recordings on 32-bit systems unreadable
fad0a1
  - JDK-8217878: ENVELOPING XML signature no longer works in JDK 11
fad0a1
  - JDK-8218629: XML Digital Signature throws NAMESPACE_ERR exception on OpenJDK 11, works 8/9/10
fad0a1
  - JDK-8219566: JFR did not collect call stacks when MaxJavaStackTraceDepth is set to zero
fad0a1
  - JDK-8219919: RuntimeStub name lost with PrintFrameConverterAssembly
fad0a1
  - JDK-8220165: Encryption using GCM results in RuntimeException- input length out of bound
fad0a1
  - JDK-8220313: [TESTBUG] Update base image for Docker testing to OL 7.6
fad0a1
  - JDK-8220555: JFR tool shows potentially misleading message when it cannot access a file
fad0a1
  - JDK-8220674: [TESTBUG] MetricsMemoryTester failcount test in docker container only works with debug JVMs
fad0a1
  - JDK-8221569: JFR tool produces incorrect output when both --categories and --events are specified
fad0a1
  - JDK-8222079: Don't use memset to initialize fields decode_env constructor in disassembler.cpp
fad0a1
  - JDK-8224217: RecordingInfo should use textual representation of path
fad0a1
  - JDK-8225695: 32-bit build failures after JDK-8080462 (Update SunPKCS11 provider with PKCS11 v2.40 support)
fad0a1
  - JDK-8226575: OperatingSystemMXBean should be made container aware
fad0a1
  - JDK-8226697: Several tests which need the @key headful keyword are missing it.
fad0a1
  - JDK-8226809: Circular reference in printed stack trace is not correctly indented & ambiguous
fad0a1
  - JDK-8228835: Memory leak in PKCS11 provider when using AES GCM
fad0a1
  - JDK-8229378: jdwp library loader in linker_md.c quietly truncates on buffer overflow
fad0a1
  - JDK-8230303: JDB hangs when running monitor command
fad0a1
  - JDK-8230711: ConnectionGraph::unique_java_object(Node* N) return NULL if n is not in the CG
fad0a1
  - JDK-8231213: Migrate SimpleDateFormatConstTest to JDK Repo
fad0a1
  - JDK-8231779: crash HeapWord*ParallelScavengeHeap::failed_mem_allocate
fad0a1
  - JDK-8233097: Fontmetrics for large Fonts has zero width
fad0a1
  - JDK-8233621: Mismatch in jsse.enableMFLNExtension property name
fad0a1
  - JDK-8234617: C1: Incorrect result of field load due to missing narrowing conversion
fad0a1
  - JDK-8235243: handle VS2017 15.9 and VS2019 in abstract_vm_version
fad0a1
  - JDK-8235325: build failure on Linux after 8235243
fad0a1
  - JDK-8235687: Contents/MacOS/libjli.dylib cannot be a symlink
fad0a1
  - JDK-8236645: JDK 8u231 introduces a regression with incompatible handling of XML messages
fad0a1
  - JDK-8237951: CTW: C2 compilation fails with "malformed control flow"
fad0a1
  - JDK-8238225: Issues reported after replacing symlink at Contents/MacOS/libjli.dylib with binary
fad0a1
  - JDK-8238380: java.base/unix/native/libjava/childproc.c "multiple definition" link errors with GCC10
fad0a1
  - JDK-8238386: (sctp) jdk.sctp/unix/native/libsctp/SctpNet.c "multiple definition" link errors with GCC10
fad0a1
  - JDK-8238388: libj2gss/NativeFunc.o "multiple definition" link errors with GCC10
fad0a1
  - JDK-8238898: Missing hash characters for header on license file
fad0a1
  - JDK-8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD
fad0a1
  - JDK-8239819: XToolkit: Misread of screen information memory
fad0a1
  - JDK-8240295: hs_err elapsed time in seconds is not accurate enough
fad0a1
  - JDK-8240676: Meet not symmetric failure when running lucene on jdk8
fad0a1
  - JDK-8241888: Mirror jdk.security.allowNonCaAnchor system property with a security one
fad0a1
  - JDK-8242498: Invalid "sun.awt.TimedWindowEvent" object leads to JVM crash
fad0a1
  - JDK-8242556: Cannot load RSASSA-PSS public key with non-null params from byte array
fad0a1
  - JDK-8243138: Enhance BaseLdapServer to support starttls extended request
fad0a1
  - JDK-8243320: Add SSL root certificates to Oracle Root CA program
fad0a1
  - JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program
fad0a1
  - JDK-8243489: Thread CPU Load event may contain wrong data for CPU time under certain conditions
fad0a1
  - JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26
fad0a1
  - JDK-8244818: Java2D Queue Flusher crash while moving application window to external monitor
fad0a1
  - JDK-8245467: Remove 8u TLSv1.2 implementation files
fad0a1
  - JDK-8245469: Remove DTLS protocol implementation
fad0a1
  - JDK-8245470: Fix JDK8 compatibility issues
fad0a1
  - JDK-8245471: Revert JDK-8148188
fad0a1
  - JDK-8245472: Backport JDK-8038893 to JDK8
fad0a1
  - JDK-8245473: OCSP stapling support
fad0a1
  - JDK-8245474: Add TLS_KRB5 cipher suites support according to RFC-2712
fad0a1
  - JDK-8245476: Disable TLSv1.3 protocol in the ClientHello message by default
fad0a1
  - JDK-8245477: Adjust TLS tests location
fad0a1
  - JDK-8245653: Remove 8u TLS tests
fad0a1
  - JDK-8245681: Add TLSv1.3 regression test from 11.0.7
fad0a1
  - JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ
fad0a1
  - JDK-8246310: Clean commented-out code about ModuleEntry andPackageEntry in JFR
fad0a1
  - JDK-8246384: Enable JFR by default on supported architectures for October 2020 release
fad0a1
  - JDK-8248643: Remove extra leading space in JDK-8240295 8u backport
fad0a1
  - JDK-8248851: CMS: Missing memory fences between free chunk check and klass read
fad0a1
  - JDK-8249158: THREAD_START and THREAD_END event posted in primordial phase
fad0a1
  - JDK-8249610: Make sun.security.krb5.Config.getBooleanObject(String... keys) method public
fad0a1
  - JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool behavior
fad0a1
  - JDK-8250546: Expect changed behaviour reported in JDK-8249846
fad0a1
  - JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics
fad0a1
  - JDK-8250755: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java
fad0a1
  - JDK-8250875: Incorrect parameter type for update_number in JDK_Version::jdk_update
fad0a1
  - JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher
fad0a1
  - JDK-8251120: [8u] HotSpot build assumes ENABLE_JFR is set to either true or false
fad0a1
  - JDK-8251341: Minimal Java specification change
fad0a1
  - JDK-8251478: Backport TLSv1.3 regression tests to JDK8u
fad0a1
  - JDK-8251546: 8u backport of JDK-8194298 breaks AIX and Solaris builds
fad0a1
  - JDK-8252084: Minimal VM fails to bootcycle: undefined symbol: AgeTableTracer::is_tenuring_distribution_event_enabled
fad0a1
  - JDK-8252573: 8u: Windows build failed after 8222079 backport
fad0a1
  - JDK-8252886: [TESTBUG] sun/security/ec/TestEC.java : Compilation failed
fad0a1
  - JDK-8254673: Call to JvmtiExport::post_vm_start() was removed by the fix for JDK-8249158
fad0a1
  - JDK-8254937: Revert JDK-8148854 for 8u272
fad0a1
fad0a1
Notes on individual issues:
fad0a1
===========================
fad0a1
fad0a1
core-svc/java.lang.management:
fad0a1
fad0a1
JDK-8236876: OperatingSystemMXBean Methods Inside a Container Return Container Specific Data
fad0a1
============================================================================================
fad0a1
When executing in a container, or other virtualized operating
fad0a1
environment, the following `OperatingSystemMXBean` methods in this
fad0a1
release return container specific information, if
fad0a1
available. Otherwise, they return host specific data:
fad0a1
fad0a1
* getFreePhysicalMemorySize()
fad0a1
* getTotalPhysicalMemorySize()
fad0a1
* getFreeSwapSpaceSize()
fad0a1
* getTotalSwapSpaceSize()
fad0a1
* getSystemCpuLoad()
fad0a1
fad0a1
security-libs/java.security:
fad0a1
fad0a1
JDK-8250756: Added Entrust Root Certification Authority - G4 certificate
fad0a1
========================================================================
fad0a1
The Entrust root certificate has been added to the cacerts truststore:
fad0a1
fad0a1
Alias Name: entrustrootcag4
fad0a1
Distinguished Name: CN=Entrust Root Certification Authority - G4, OU="(c) 2015 Entrust,  Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
fad0a1
fad0a1
JDK-8250860: Added 3 SSL Corporation Root CA Certificates
fad0a1
=========================================================
fad0a1
The following root certificates have been added to the cacerts truststore for the SSL Corporation:
fad0a1
fad0a1
Alias Name: sslrootrsaca
fad0a1
Distinguished Name: CN=SSL.com Root Certification Authority RSA, O=SSL Corporation, L=Houston, ST=Texas, C=US
fad0a1
fad0a1
Alias Name: sslrootevrsaca
fad0a1
Distinguished Name: CN=SSL.com EV Root Certification Authority RSA R2, O=SSL Corporation, L=Houston, ST=Texas, C=US
fad0a1
fad0a1
Alias Name: sslrooteccca
fad0a1
Distinguished Name: CN=SSL.com Root Certification Authority ECC, O=SSL Corporation, L=Houston, ST=Texas, C=US
fad0a1
fad0a1
security-libs/javax.crypto:pkcs11:
fad0a1
fad0a1
JDK-8221441: SunPKCS11 Provider Upgraded with Support for PKCS#11 v2.40
fad0a1
=======================================================================
fad0a1
The SunPKCS11 provider has been updated with support for PKCS#11
fad0a1
v2.40. This version adds support for more algorithms such as the
fad0a1
AES/GCM/NoPadding cipher, DSA signatures using SHA-2 family of message
fad0a1
digests, and RSASSA-PSS signatures when the corresponding PKCS11
fad0a1
mechanisms are supported by the underlying PKCS11 library.
fad0a1
fad0a1
security-libs/javax.security:
fad0a1
fad0a1
JDK-8242059: Support for canonicalize in krb5.conf
fad0a1
==================================================
fad0a1
The 'canonicalize' flag in the [krb5.conf file][0] is now supported by
fad0a1
the JDK Kerberos implementation. When set to *true*, RFC 6806 [1] name
fad0a1
canonicalization is requested by clients in TGT requests to KDC
fad0a1
services (AS protocol). Otherwise, and by default, it is not
fad0a1
requested.
fad0a1
fad0a1
The new default behavior is different from previous releases where
fad0a1
name canonicalization was always requested by clients in TGT requests
fad0a1
to KDC services (provided that support for RFC 6806[1] was not
fad0a1
explicitly disabled with the *sun.security.krb5.disableReferrals*
fad0a1
system or security properties).
fad0a1
fad0a1
[0]: https://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html
fad0a1
[1]: https://tools.ietf.org/html/rfc6806
fad0a1
fad0a1
security-libs/javax.xml.crypto:
fad0a1
fad0a1
JDK-8202891: Updated xmldsig Implementation to Apache Santuario 2.1.1
fad0a1
=====================================================================
fad0a1
The XMLDSig provider implementation in the `java.xml.crypto` module has been updated to version 2.1.1 of Apache Santuario.
fad0a1
fad0a1
New features include:
fad0a1
fad0a1
1. Support for the SHA-224 and SHA-3 DigestMethod algorithms specified
fad0a1
in RFC 6931.
fad0a1
2. Support for the HMAC-SHA224, RSA-SHA224, ECDSA-SHA224, and
fad0a1
RSASSA-PSS family of SignatureMethod algorithms specified in RFC 6931.
fad0a1
fad0a1
JDK-8238185: New OpenJDK-specific JDK 8 Updates System Property to fallback to legacy Base64 Encoding format
fad0a1
============================================================================================================
fad0a1
The upgrade to the Apache Santuario libraries (see above) introduced
fad0a1
an issue where XML signature using Base64 encoding resulted in
fad0a1
appending `&#xd` or `&#13` to the encoded output. This behavioural
fad0a1
change was made in the Apache Santuario codebase to comply with RFC
fad0a1
2045. The Santuario team has adopted a position of keeping their
fad0a1
libraries compliant with RFC 2045.
fad0a1
fad0a1
Earlier versions of OpenJDK 8 using the legacy encoder returns encoded
fad0a1
data in a format without `&#xd` or `&#13`.
fad0a1
fad0a1
Therefore a new system property, specific to the 8 update stream,
fad0a1
`com.sun.org.apache.xml.internal.security.lineFeedOnly` is made
fad0a1
available to fall back to the legacy Base64 encoded format.
fad0a1
fad0a1
Users can set this flag in one of two ways:
fad0a1
fad0a1
1. -Dcom.sun.org.apache.xml.internal.security.lineFeedOnly=true
fad0a1
fad0a1
2. System.setProperty("com.sun.org.apache.xml.internal.security.lineFeedOnly", "true")
fad0a1
fad0a1
This new system property is disabled by default. It has no effect on
fad0a1
default behaviour nor when
fad0a1
`com.sun.org.apache.xml.internal.security.ignoreLineBreaks` property
fad0a1
is set.
fad0a1
fad0a1
Later JDK family versions will only support the recommended property:
fad0a1
fad0a1
`com.sun.org.apache.xml.internal.security.ignoreLineBreaks`
fad0a1
fad0a1
JDK-8254177: US/Pacific-New Zone name removed as part of tzdata2020b
fad0a1
====================================================================
fad0a1
Following JDK's update to tzdata2020b, the long-obsolete files
fad0a1
pacificnew and systemv have been removed. As a result, the
fad0a1
"US/Pacific-New" zone name declared in the pacificnew data file is no
fad0a1
longer available for use.
fad0a1
fad0a1
Information regarding the update can be viewed at
fad0a1
https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html
fad0a1
de9045
New in release OpenJDK 8u265 (2020-07-27):
de9045
===========================================
de9045
Live versions of these release notes can be found at:
de9045
  * https://bitly.com/openjdk8u265
de9045
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u265.txt
de9045
de9045
* Bug fixes
de9045
  - JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool behavior
de9045
  - JDK-8250546: Expect changed behaviour reported in JDK-8249846
de9045
0382ac
New in release OpenJDK 8u262 (2020-07-14):
0382ac
===========================================
0382ac
Live versions of these release notes can be found at:
0382ac
  * https://bitly.com/oj8u262
0382ac
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u262.txt
0382ac
0382ac
* New features
0382ac
  - JDK-8223147: JFR Backport
0382ac
* Security fixes
0382ac
  - JDK-8028431, CVE-2020-14579: NullPointerException in DerValue.equals(DerValue)
0382ac
  - JDK-8028591, CVE-2020-14578: NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString()
0382ac
  - JDK-8230613: Better ASCII conversions
0382ac
  - JDK-8231800: Better listing of arrays
0382ac
  - JDK-8232014: Expand DTD support
0382ac
  - JDK-8233255: Better Swing Buttons
0382ac
  - JDK-8234032: Improve basic calendar services
0382ac
  - JDK-8234042: Better factory production of certificates
0382ac
  - JDK-8234418: Better parsing with CertificateFactory
0382ac
  - JDK-8234836: Improve serialization handling
0382ac
  - JDK-8236191: Enhance OID processing
0382ac
  - JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior
0382ac
  - JDK-8237592, CVE-2020-14577: Enhance certificate verification
0382ac
  - JDK-8238002, CVE-2020-14581: Better matrix operations
0382ac
  - JDK-8238804: Enhance key handling process
0382ac
  - JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable
0382ac
  - JDK-8238843: Enhanced font handing
0382ac
  - JDK-8238920, CVE-2020-14583: Better Buffer support
0382ac
  - JDK-8238925: Enhance WAV file playback
0382ac
  - JDK-8240119, CVE-2020-14593: Less Affine Transformations
0382ac
  - JDK-8240482: Improved WAV file playback
0382ac
  - JDK-8241379: Update JCEKS support
0382ac
  - JDK-8241522: Manifest improved jar headers redux
0382ac
  - JDK-8242136, CVE-2020-14621: Better XML namespace handling
0382ac
* Other changes
0382ac
  - JDK-4949105: Access Bridge lacks html tags parsing
0382ac
  - JDK-7147060: com/sun/org/apache/xml/internal/security/transforms/ClassLoaderTest.java doesn't run in agentvm mode
0382ac
  - JDK-8003209: JFR events for network utilization
0382ac
  - JDK-8030680: 292 cleanup from default method code assessment
0382ac
  - JDK-8035633: TEST_BUG: java/net/NetworkInterface/Equals.java and some tests failed on windows intermittently
0382ac
  - JDK-8037866: Replace the Fun class in tests with lambdas
0382ac
  - JDK-8041626: Shutdown tracing event
0382ac
  - JDK-8041915: Move 8 awt tests to OpenJDK regression tests tree
0382ac
  - JDK-8067796: (process) Process.waitFor(timeout, unit) doesn't throw NPE if timeout is less than, or equal to zero when unit == null
0382ac
  - JDK-8076475: Misuses of strncpy/strncat
0382ac
  - JDK-8130737: AffineTransformOp can't handle child raster with non-zero x-offset
0382ac
  - JDK-8141056: Erroneous assignment in HeapRegionSet.cpp
0382ac
  - JDK-8146612: C2: Precedence edges specification violated
0382ac
  - JDK-8148886: SEGV in sun.java2d.marlin.Renderer._endRendering
0382ac
  - JDK-8149338: JVM Crash caused by Marlin renderer not handling NaN coordinates
0382ac
  - JDK-8150986: serviceability/sa/jmap-hprof/JMapHProfLargeHeapTest.java failing because expects HPROF JAVA PROFILE 1.0.1 file format
0382ac
  - JDK-8151582: (ch) test java/nio/channels/AsyncCloseAndInterrupt.java failing due to "Connection succeeded"
0382ac
  - JDK-8165675: Trace event for thread park has incorrect unit for timeout
0382ac
  - JDK-8171934: ObjectSizeCalculator.getEffectiveMemoryLayoutSpecification() does not recognize OpenJDK's HotSpot VM
0382ac
  - JDK-8172559: [PIT][TEST_BUG] Move @test to be 1st annotation in java/awt/image/Raster/TestChildRasterOp.java
0382ac
  - JDK-8176182: 4 security tests are not run
0382ac
  - JDK-8178374: Problematic ByteBuffer handling in CipherSpi.bufferCrypt method
0382ac
  - JDK-8178910: Problemlist sample tests
0382ac
  - JDK-8181841: A TSA server returns timestamp with precision higher than milliseconds
0382ac
  - JDK-8183925: Decouple crash protection from watcher thread
0382ac
  - JDK-8191393: Random crashes during cfree+0x1c
0382ac
  - JDK-8195817: JFR.stop should require name of recording
0382ac
  - JDK-8195818: JFR.start should increase autogenerated name by one
0382ac
  - JDK-8195819: Remove recording=x from jcmd JFR.check output
0382ac
  - JDK-8196969: JTreg Failure: serviceability/sa/ClhsdbJstack.java causes NPE
0382ac
  - JDK-8199712: Flight Recorder
0382ac
  - JDK-8202578: Revisit location for class unload events
0382ac
  - JDK-8202835: jfr/event/os/TestSystemProcess.java fails on missing events
0382ac
  - JDK-8203287: Zero fails to build after JDK-8199712 (Flight Recorder)
0382ac
  - JDK-8203346: JFR: Inconsistent signature of jfr_add_string_constant
0382ac
  - JDK-8203664: JFR start failure after AppCDS archive created with JFR StartFlightRecording
0382ac
  - JDK-8203921: JFR thread sampling is missing fixes from JDK-8194552
0382ac
  - JDK-8203929: Limit amount of data for JFR.dump
0382ac
  - JDK-8205516: JFR tool
0382ac
  - JDK-8207392: [PPC64] Implement JFR profiling
0382ac
  - JDK-8207829: FlightRecorderMXBeanImpl is leaking the first classloader which calls it
0382ac
  - JDK-8209960: -Xlog:jfr* doesn't work with the JFR
0382ac
  - JDK-8210024: JFR calls virtual is_Java_thread from ~Thread()
0382ac
  - JDK-8210776: Upgrade X Window System 6.8.2 to the latest XWD 1.0.7
0382ac
  - JDK-8211239: Build fails without JFR: empty JFR events signatures mismatch
0382ac
  - JDK-8212232: Wrong metadata for the configuration of the cutoff for old object sample events
0382ac
  - JDK-8213015: Inconsistent settings between JFR.configure and -XX:FlightRecorderOptions
0382ac
  - JDK-8213421: Line number information for execution samples always 0
0382ac
  - JDK-8213617: JFR should record the PID of the recorded process
0382ac
  - JDK-8213734: SAXParser.parse(File, ..) does not close resources when Exception occurs.
0382ac
  - JDK-8213914: [TESTBUG] Several JFR VM events are not covered by tests
0382ac
  - JDK-8213917: [TESTBUG] Shutdown JFR event is not covered by test
0382ac
  - JDK-8213966: The ZGC JFR events should be marked as experimental
0382ac
  - JDK-8214542: JFR: Old Object Sample event slow on a deep heap in debug builds
0382ac
  - JDK-8214750: Unnecessary 

tags in jfr classes

0382ac
  - JDK-8214896: JFR Tool left files behind
0382ac
  - JDK-8214906: [TESTBUG] jfr/event/sampling/TestNative.java fails with UnsatisfiedLinkError
0382ac
  - JDK-8214925: JFR tool fails to execute
0382ac
  - JDK-8215175: Inconsistencies in JFR event metadata
0382ac
  - JDK-8215237: jdk.jfr.Recording javadoc does not compile
0382ac
  - JDK-8215284: Reduce noise induced by periodic task getFileSize()
0382ac
  - JDK-8215355: Object monitor deadlock with no threads holding the monitor (using jemalloc 5.1)
0382ac
  - JDK-8215362: JFR GTest JfrTestNetworkUtilization fails
0382ac
  - JDK-8215771: The jfr tool should pretty print reference chains
0382ac
  - JDK-8216064: -XX:StartFlightRecording:settings= doesn't work properly
0382ac
  - JDK-8216486: Possibility of integer overflow in JfrThreadSampler::run()
0382ac
  - JDK-8216528: test/jdk/java/rmi/transport/runtimeThreadInheritanceLeak/RuntimeThreadInheritanceLeak.java failing with Xcomp
0382ac
  - JDK-8216559: [JFR] Native libraries not correctly parsed from /proc/self/maps
0382ac
  - JDK-8216578: Remove unused/obsolete method in JFR code
0382ac
  - JDK-8216995: Clean up JFR command line processing
0382ac
  - JDK-8217744: [TESTBUG] JFR TestShutdownEvent fails on some systems due to process surviving SIGINT
0382ac
  - JDK-8217748: [TESTBUG] Exclude TestSig test case from JFR TestShutdownEvent
0382ac
  - JDK-8218935: Make jfr strncpy uses GCC 8.x friendly
0382ac
  - JDK-8220293: Deadlock in JFR string pool
0382ac
  - JDK-8223689: Add JFR Thread Sampling Support
0382ac
  - JDK-8223690: Add JFR BiasedLock Event Support
0382ac
  - JDK-8223691: Add JFR G1 Region Type Change Event Support
0382ac
  - JDK-8223692: Add JFR G1 Heap Summary Event Support
0382ac
  - JDK-8224172: assert(jfr_is_event_enabled(id)) failed: invariant
0382ac
  - JDK-8224475: JTextPane does not show images in HTML rendering
0382ac
  - JDK-8225068: Remove DocuSign root certificate that is expiring in May 2020
0382ac
  - JDK-8225069: Remove Comodo root certificate that is expiring in May 2020
0382ac
  - JDK-8226253: JAWS reports wrong number of radio buttons when buttons are hidden.
0382ac
  - JDK-8226779: [TESTBUG] Test JFR API from Java agent
0382ac
  - JDK-8226892: ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys
0382ac
  - JDK-8227011: Starting a JFR recording in response to JVMTI VMInit and / or Java agent premain corrupts memory
0382ac
  - JDK-8227269: Slow class loading when running with JDWP
0382ac
  - JDK-8227605: Kitchensink fails "assert((((klass)->trace_id() & (JfrTraceIdEpoch::leakp_in_use_this_epoch_bit())) != 0)) failed: invariant"
0382ac
  - JDK-8229366: JFR backport allows unchecked writing to memory
0382ac
  - JDK-8229401: Fix JFR code cache test failures
0382ac
  - JDK-8229708: JFR backport code does not initialize
0382ac
  - JDK-8229873: 8229401 broke jdk8u-jfr-incubator
0382ac
  - JDK-8229888: (zipfs) Updating an existing zip file does not preserve original permissions
0382ac
  - JDK-8229899: Make java.io.File.isInvalid() less racy
0382ac
  - JDK-8230448: [test] JFRSecurityTestSuite.java is failing on Windows
0382ac
  - JDK-8230597: Update GIFlib library to the 5.2.1
0382ac
  - JDK-8230707: JFR related tests are failing
0382ac
  - JDK-8230769: BufImg_SetupICM add ReleasePrimitiveArrayCritical call in early return
0382ac
  - JDK-8230782: Robot.createScreenCapture() fails if ?awt.robot.gtk? is set to false
0382ac
  - JDK-8230856: Java_java_net_NetworkInterface_getByName0 on unix misses ReleaseStringUTFChars in early return
0382ac
  - JDK-8230926: [macosx] Two apostrophes are entered instead of one with "U.S. International - PC" layout
0382ac
  - JDK-8230947: TestLookForUntestedEvents.java is failing after JDK-8230707
0382ac
  - JDK-8231995: two jtreg tests failed after 8229366 is fixed
0382ac
  - JDK-8233197: Invert JvmtiExport::post_vm_initialized() and Jfr:on_vm_start() start-up order for correct option parsing
0382ac
  - JDK-8233623: Add classpath exception to copyright in EventHandlerProxyCreator.java file
0382ac
  - JDK-8233880: Support compilers with multi-digit major version numbers
0382ac
  - JDK-8236002: CSR for JFR backport suggests not leaving out the package-info
0382ac
  - JDK-8236008: Some backup files were accidentally left in the hotspot tree
0382ac
  - JDK-8236074: Missed package-info
0382ac
  - JDK-8236174: Should update javadoc since tags
0382ac
  - JDK-8236996: Incorrect Roboto font rendering on Windows with subpixel antialiasing
0382ac
  - JDK-8238076: Fix OpenJDK 7 Bootstrap Broken by JFR Backport
0382ac
  - JDK-8238452: Keytool generates wrong expiration date if validity is set to 2050/01/01
0382ac
  - JDK-8238555: Allow Initialization of SunPKCS11 with NSS when there are external FIPS modules in the NSSDB
0382ac
  - JDK-8238589: Necessary code cleanup in JFR for JDK8u
0382ac
  - JDK-8238590: Enable JFR by default during compilation in 8u
0382ac
  - JDK-8239055: Wrong implementation of VMState.hasListener
0382ac
  - JDK-8239476: JDK-8238589 broke windows build by moving OrderedPair
0382ac
  - JDK-8239479: minimal1 and zero builds are failing
0382ac
  - JDK-8239852: java/util/concurrent tests fail with -XX:+VerifyGraphEdges: assert(!VerifyGraphEdges) failed: verification should have failed
0382ac
  - JDK-8239867: correct over use of INCLUDE_JFR macro
0382ac
  - JDK-8240375: Disable JFR by default for July 2020 release
0382ac
  - JDK-8240576: JVM crashes after transformation in C2 IdealLoopTree::merge_many_backedges
0382ac
  - JDK-8241444: Metaspace::_class_vsm not initialized if compressed class pointers are disabled
0382ac
  - JDK-8241638: launcher time metrics always report 1 on Linux when _JAVA_LAUNCHER_DEBUG set
0382ac
  - JDK-8241750: x86_32 build failure after JDK-8227269
0382ac
  - JDK-8241902: AIX Build broken after integration of JDK-8223147 (JFR Backport)
0382ac
  - JDK-8242788: Non-PCH build is broken after JDK-8191393
0382ac
  - JDK-8242883: Incomplete backport of JDK-8078268: backport test part
0382ac
  - JDK-8243059: Build fails when --with-vendor-name contains a comma
0382ac
  - JDK-8243474: [TESTBUG] removed three tests of 0 bytes
0382ac
  - JDK-8243539: Copyright info (Year) should be updated for fix of 8241638
0382ac
  - JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a
0382ac
  - JDK-8244407: JVM crashes after transformation in C2 IdealLoopTree::split_fall_in
0382ac
  - JDK-8244461: [JDK 8u] Build fails with glibc 2.32
0382ac
  - JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion() returns wrong result
0382ac
  - JDK-8244777: ClassLoaderStats VM Op uses constant hash value
0382ac
  - JDK-8244843: JapanEraNameCompatTest fails
0382ac
  - JDK-8245167: Top package in method profiling shows null in JMC
0382ac
  - JDK-8246223: Windows build fails after JDK-8227269
0382ac
  - JDK-8246703: [TESTBUG] Add test for JDK-8233197
0382ac
  - JDK-8248399: Build installs jfr binary when JFR is disabled
0382ac
  - JDK-8248715: New JavaTimeSupplementary localisation for 'in' installed in wrong package
0382ac
0382ac
Notes on individual issues:
0382ac
===========================
0382ac
0382ac
hotspot/jfr:
0382ac
0382ac
JDK-8240687: JDK Flight Recorder Integrated to OpenJDK 8u
0382ac
=========================================================
0382ac
0382ac
OpenJDK 8u now contains the backport of JEP 328: Flight Recorder
0382ac
(https://openjdk.java.net/jeps/328) from later versions of OpenJDK.
0382ac
0382ac
JFR is a low-overhead framework to collect and provide data helpful to
0382ac
troubleshoot the performance of the OpenJDK runtime and of Java
0382ac
applications. It consists of a new API to define custom events under
0382ac
the jdk.jfr namespace and a JMX interface to interact with the
0382ac
framework. The recording can also be initiated with the application
0382ac
startup using the -XX:+FlightRecorder flag or via jcmd. JFR replaces
0382ac
the +XX:EnableTracing feature introduced in JEP 167, providing a more
0382ac
efficient way to retrieve the same information. For compatibility
0382ac
reasons, +XX:EnableTracing is still accepted, however no data will be
0382ac
printed.
0382ac
0382ac
While JFR is not built by default upstream, it is included in Red Hat
0382ac
binaries for supported architectures (x86_64, AArch64 & PowerPC 64)
0382ac
0382ac
hotspot/runtime:
0382ac
0382ac
JDK-8205622: JFR Start Failure After AppCDS Archive Created with JFR StartFlightRecording
0382ac
=========================================================================================
0382ac
0382ac
JFR will be disabled with a warning message if it is enabled during
0382ac
CDS dumping. The user will see the following warning message:
0382ac
0382ac
OpenJDK 64-Bit Server VM warning: JFR will be disabled during CDS dumping
0382ac
0382ac
if JFR is enabled during CDS dumping such as in the following command
0382ac
line:
0382ac
0382ac
$ java -Xshare:dump -XX:StartFlightRecording=dumponexit=true
0382ac
0382ac
security-libs/java.security:
0382ac
0382ac
JDK-8244167: Removal of Comodo Root CA Certificate
0382ac
==================================================
0382ac
0382ac
The following expired Comodo root CA certificate was removed from the
0382ac
`cacerts` keystore: + alias name "addtrustclass1ca [jdk]"
0382ac
0382ac
Distinguished Name: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
0382ac
0382ac
JDK-8244166: Removal of DocuSign Root CA Certificate
0382ac
====================================================
0382ac
0382ac
The following expired DocuSign root CA certificate was removed from
0382ac
 the `cacerts` keystore: + alias name "keynectisrootca [jdk]"
0382ac
0382ac
Distinguished Name: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR
0382ac
0382ac
security-libs/javax.crypto:pkcs11:
0382ac
0382ac
JDK-8240191: Allow SunPKCS11 initialization with NSS when external FIPS modules are present in the Security Modules Database
0382ac
============================================================================================================================
0382ac
0382ac
The SunPKCS11 security provider can now be initialized with NSS when
0382ac
FIPS-enabled external modules are configured in the Security Modules
0382ac
Database (NSSDB). Prior to this change, the SunPKCS11 provider would
0382ac
throw a RuntimeException with the message: "FIPS flag set for
0382ac
non-internal module" when such a library was configured for NSS in
0382ac
non-FIPS mode.
0382ac
0382ac
This change allows the JDK to work properly with recent NSS releases
0382ac
on GNU/Linux operating systems when the system-wide FIPS policy is
0382ac
turned on.
0382ac
0382ac
Further information can be found in JDK-8238555.
0382ac
d92b92
New in release OpenJDK 8u252 (2020-04-14):
d92b92
===========================================
d92b92
Live versions of these release notes can be found at:
d92b92
  * https://bitly.com/oj8u252
d92b92
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u252.txt
d92b92
d92b92
* Security fixes
d92b92
  - JDK-8223898, CVE-2020-2754: Forward references to Nashorn
d92b92
  - JDK-8223904, CVE-2020-2755: Improve Nashorn matching
d92b92
  - JDK-8224541, CVE-2020-2756: Better mapping of serial ENUMs
d92b92
  - JDK-8224549, CVE-2020-2757: Less Blocking Array Queues
d92b92
  - JDK-8225603: Enhancement for big integers
d92b92
  - JDK-8227542: Manifest improved jar headers
d92b92
  - JDK-8231415, CVE-2020-2773: Better signatures in XML
d92b92
  - JDK-8233250: Better X11 rendering
d92b92
  - JDK-8233410: Better Build Scripting
d92b92
  - JDK-8234027: Better JCEKS key support
d92b92
  - JDK-8234408, CVE-2020-2781: Improve TLS session handling
d92b92
  - JDK-8234825, CVE-2020-2800: Better Headings for HTTP Servers
d92b92
  - JDK-8234841, CVE-2020-2803: Enhance buffering of byte buffers
d92b92
  - JDK-8235274, CVE-2020-2805: Enhance typing of methods
d92b92
  - JDK-8236201, CVE-2020-2830: Better Scanner conversions
d92b92
  - JDK-8238960: linux-i586 builds are inconsistent as the newly build jdk is not able to reserve enough space for object heap
d92b92
* Other changes
d92b92
  - JDK-8005819: Support cross-realm MSSFU
d92b92
  - JDK-8022263: use same Clang warnings on BSD as on Linux
d92b92
  - JDK-8038631: Create wrapper for awt.Robot with additional functionality
d92b92
  - JDK-8047212: runtime/ParallelClassLoading/bootstrap/random/inner-complex assert(ObjectSynchronizer::verify_objmon_isinpool(inf)) failed: monitor is invalid
d92b92
  - JDK-8055283: Expand ResourceHashtable with C_HEAP allocation, removal and some unit tests
d92b92
  - JDK-8068184: Fix for JDK-8032832 caused a deadlock
d92b92
  - JDK-8079693: Add support for ECDSA P-384 and P-521 curves to XML Signature
d92b92
  - JDK-8132130: some docs cleanup
d92b92
  - JDK-8135318: CMS wrong max_eden_size for check_gc_overhead_limit
d92b92
  - JDK-8144445: Maximum size checking in Marlin ArrayCache utility methods is not optimal
d92b92
  - JDK-8144446: Automate the Marlin crash test
d92b92
  - JDK-8144526: Remove Marlin logging use of deleted internal API
d92b92
  - JDK-8144630: Use PrivilegedAction to create Thread in Marlin RendererStats
d92b92
  - JDK-8144654: Improve Marlin logging
d92b92
  - JDK-8144718: Pisces / Marlin Strokers may generate invalid curves with huge coordinates and round joins
d92b92
  - JDK-8166976: TestCipherPBECons has wrong @run line
d92b92
  - JDK-8167409: Invalid value passed to critical JNI function
d92b92
  - JDK-8181872: C1: possible overflow when strength reducing integer multiply by constant
d92b92
  - JDK-8187078: -XX:+VerifyOops finds numerous problems when running JPRT
d92b92
  - JDK-8191227: issues with unsafe handle resolution
d92b92
  - JDK-8197441: Signature#initSign/initVerify for an invalid private/public key fails with ClassCastException for SunPKCS11 provider
d92b92
  - JDK-8204152: SignedObject throws NullPointerException for null keys with an initialized Signature object
d92b92
  - JDK-8215756: Memory leaks in the AWT on macOS
d92b92
  - JDK-8216472: (se) Stack overflow during selection operation leads to crash (win)
d92b92
  - JDK-8219244: NMT: Change ThreadSafepointState's allocation type from mtInternal to mtThread
d92b92
  - JDK-8219597: (bf) Heap buffer state changes could provoke unexpected exceptions
d92b92
  - JDK-8225128: Add exception for expiring DocuSign root to VerifyCACerts test
d92b92
  - JDK-8225130: Add exception for expiring Comodo roots to VerifyCACerts test
d92b92
  - JDK-8229022: BufferedReader performance can be improved by using StringBuilder
d92b92
  - JDK-8229345: Memory leak due to vtable stubs not being shared on SPARC
d92b92
  - JDK-8229872: (fs) Increase buffer size used with getmntent
d92b92
  - JDK-8230235: Rendering HTML with empty img attribute and documentBaseKey cause Exception
d92b92
  - JDK-8231430: C2: Memory stomp in max_array_length() for T_ILLEGAL type
d92b92
  - JDK-8235744: PIT: test/jdk/javax/swing/text/html/TestJLabelWithHTMLText.java times out in linux-x64
d92b92
  - JDK-8235904: Infinite loop when rendering huge lines
d92b92
  - JDK-8236179: C1 register allocation error with T_ADDRESS
d92b92
  - JDK-8237368: Problem with NullPointerException in RMI TCPEndpoint.read
d92b92
  - JDK-8240521: Revert backport of 8231584: Deadlock with ClassLoader.findLibrary and System.loadLibrary call
d92b92
  - JDK-8241296: Segfault in JNIHandleBlock::oops_do()
d92b92
  - JDK-8241307: Marlin renderer should not be the default in 8u252
d92b92
d92b92
Notes on individual issues:
d92b92
===========================
d92b92
d92b92
hotspot/svc:
d92b92
d92b92
JDK-8174881: Binary format for HPROF updated 
d92b92
============================================
d92b92
d92b92
When dumping the heap in binary format, HPROF format 1.0.2 is always
d92b92
used now. Previously, format 1.0.1 was used for heaps smaller than
d92b92
2GB. HPROF format 1.0.2 is also used by jhsdb jmap for the
d92b92
serviceability agent.
d92b92
d92b92
security-libs/java.security:
d92b92
d92b92
JDK-8229518: Added Support for PKCS#1 v2.2 Algorithms Including RSASSA-PSS Signature
d92b92
====================================================================================
d92b92
d92b92
The SunRsaSign and SunJCE providers have been enhanced with support
d92b92
for more algorithms defined in PKCS#1 v2.2, such as RSASSA-PSS
d92b92
signature and OAEP using FIPS 180-4 digest algorithms. New
d92b92
constructors and methods have been added to relevant JCA/JCE classes
d92b92
under the `java.security.spec` and `javax.crypto.spec` packages for
d92b92
supporting additional RSASSA-PSS parameters.
d92b92
d92b92
security-libs/javax.crypto:
d92b92
d92b92
JDK-8205471: RSASSA-PSS Signature Support Added to SunMSCAPI
d92b92
============================================================
d92b92
d92b92
The RSASSA-PSS signature algorithm support has been added to the SunMSCAPI provider.
d92b92
d92b92
security-libs/javax.security:
d92b92
d92b92
JDK-8227564: Allow SASL Mechanisms to Be Restricted
d92b92
===================================================
d92b92
d92b92
A security property named `jdk.sasl.disabledMechanisms` has been added
d92b92
that can be used to disable SASL mechanisms. Any disabled mechanism
d92b92
will be ignored if it is specified in the `mechanisms` argument of
d92b92
`Sasl.createSaslClient` or the `mechanism` argument of
d92b92
`Sasl.createSaslServer`. The default value for this security property
d92b92
is empty, which means that no mechanisms are disabled out-of-the-box.