RELEASE NOTES: JDK openjdk8u242

Notes generated: Wed Sep 01 01:15:41 CEST 2021

JEPs

None.

RELEASE NOTES

security-libs/org.ietf.jgss:krb5

Issue Description
JDK-8201627

Kerberos Sequence Number Issues


Previously, when mutual authentication was not requested by the Kerberos 5 initiator, there was no mechanism to negotiate the acceptor's initial sequence number. With this release, if the system property sun.security.krb5.acceptor.sequence.number.nonmutual is set to initiator, the SunJGSS provider will use the initiator's initial sequence number as the acceptor's initial sequence number. If set to zero or 0, 0 is used. The default value is initiator. All other values are illegal and will throw an Error when the system property is read.


JDK-8215032

Support for Kerberos Cross-Realm Referrals (RFC 6806)


The Kerberos client has been enhanced with the support of principal name canonicalization and cross-realm referrals, as defined by the RFC 6806 protocol extension.

As a result of this new feature, the Kerberos client can take advantage of more dynamic environment configurations and does not necessarily need to know (in advance) how to reach the realm of a target principal (user or service).

Support is enabled by default and 5 is the maximum number of referral hops allowed. To turn it off, set the sun.security.krb5.disableReferrals security or system property to false. To configure a custom maximum number of referral hops, set the sun.security.krb5.maxReferrals security or system property to any positive value.

See further information in JDK-8223172.


client-libs

Issue Description
JDK-8222496

[client-libs and javaFX] GTK3 Is Now the Default on Linux/Unix


Newer versions of Linux, Solaris, and other Unix flavor desktop environments use GTK3, while still supporting GTK2.

Previously, the JDK would default to loading the older GTK2 libraries. However, in this release, it defaults to loading GTK3 libraries. Loading is typically triggered by using the Swing GTK Look And Feel.

The old behavior can be restored by using the system property: -Djdk.gtk.version=2.2


client-libs/java.awt

Issue Description
JDK-8198649

GTK3 Is Now the Default on Linux/Unix


Newer versions of Linux, Solaris, and other Unix flavor desktop environments use GTK3, while still supporting GTK2.

Previously, the JDK would default to loading the older GTK2 libraries. However, in this release, it defaults to loading GTK3 libraries. Loading is typically triggered by using the Swing GTK Look And Feel.

If, for any reason, this causes issues for an application, the old behavior can be restored by using the system property: -Djdk.gtk.version=2.2


security-libs/java.security

Issue Description
JDK-8232019

Added LuxTrust Global Root 2 Certificate


The following root certificate has been added to the cacerts truststore: ``` + LuxTrust + luxtrustglobalroot2ca

DN: CN=LuxTrust Global Root 2, O=LuxTrust S.A., C=LU

```


JDK-8233223

Added 4 Amazon Root CA Certificates


The following root certificates have been added to the cacerts truststore: ``` + Amazon + amazonrootca1 DN: CN=Amazon Root CA 1, O=Amazon, C=US

  • amazonrootca2 DN: CN=Amazon Root CA 2, O=Amazon, C=US

  • amazonrootca3 DN: CN=Amazon Root CA 3, O=Amazon, C=US

  • amazonrootca4 DN: CN=Amazon Root CA 4, O=Amazon, C=US ```


FIXED ISSUES

client-libs

Priority Bug Summary
P2 JDK-8222496 [8u] Switch on GTK3 as a default GTK L&F in client-libs

client-libs/2d

Priority Bug Summary
P3 JDK-8215210 [macos] Hangul text does not shape to the precomposed form on JDK8u
P3 JDK-8232381 add result NULL-checking to freetypeScaler.c
P3 JDK-8212071 Need to set the FreeType LCD Filter to reduce fringing.

client-libs/java.awt

Priority Bug Summary
P2 JDK-8213119 [macos] java/awt/GraphicsDevice/CheckDisplayModes.java fails
P2 JDK-8198649 Switch AWT/Swing's default GTK version to 3
P3 JDK-8221246 NullPointerException within Win32ShellFolder2

client-libs/javax.accessibility

Priority Bug Summary
P4 JDK-8132249 Clean up JAB debugging code

core-libs

Priority Bug Summary
P2 JDK-8138978 Examine usages of sun.misc.IOUtils
P3 JDK-8216401 Allow "file:" URLs in Class-Path of local JARs
P3 JDK-8039438 Some tests depend on internal API sun.misc.IOUtils

core-libs/java.io

Priority Bug Summary
P3 JDK-8080835 Add blocking bulk read operations to java.io.InputStream
P4 JDK-8139206 Add InputStream readNBytes(int len)
P4 JDK-8235909 File.exists throws AccessControlException for invalid paths when a SecurityManager is installed
P4 JDK-8193832 Performance of InputStream.readAllBytes() could be improved
P4 JDK-8236984 Reserved for 2020-01 CPU

core-libs/java.io:serialization

Priority Bug Summary
P3 JDK-8134424 BlockDataInputStream.readUTFBody: size local StringBuffer with the given length

core-libs/java.lang

Priority Bug Summary
P3 JDK-8194653 Deadlock involving FileSystems.getDefault and System.loadLibrary call
P3 JDK-8231584 Deadlock with ClassLoader.findLibrary and System.loadLibrary call
P4 JDK-8029629 (process) Improvements to test/java/lang/ProcessBuilder/Basic.java
P4 JDK-8208715 Conversion of milliseconds to nanoseconds in UNIXProcess contains bug.

core-libs/java.net

Priority Bug Summary
P3 JDK-8185898 setRequestProperty(key, null) results in HTTP header without colon in request
P3 JDK-8233886 TEST_BUG jdk/java/net/CookieHandler/B6791927.java hit hardcoded expiration date
P4 JDK-8170641 sun/net/www/protocol/https/HttpsURLConnection/PostThruProxy.sh fails with timeout

core-libs/java.nio

Priority Bug Summary
P4 JDK-8196956 (ch) More channels cleanup

core-libs/java.util

Priority Bug Summary
P3 JDK-8223490 Optimize search algorithm for determining default time zone
P4 JDK-8234591 [11u] Build with old C compiler broken by 8223490
P4 JDK-8231124 Missing closedir call with JDK-8223490

core-libs/jdk.nashorn

Priority Bug Summary
P4 JDK-8232984 Upgrading Joni License version to 2.1.16

core-svc/javax.management

Priority Bug Summary
P3 JDK-8195088 [TEST_BUG] StartManagementAgent got unexpected exception

hotspot/compiler

Priority Bug Summary
P2 JDK-8134739 compiler/loopopts/superword/TestVectorizationWithInvariant crashes in loop opts
P2 JDK-8236178 Debug build failed after 8236058
P2 JDK-8231988 Unexpected test result caused by C2 IdealLoopTree::do_remove_empty_loop
P3 JDK-8225141 Better handling of classes in error state by fast class initialization checks
P3 JDK-8133951 Zero interpreter asserts in stubRoutines.cpp
P4 JDK-8230238 Add another regression test for JDK-8134739
P4 JDK-8230813 Add JDK-8010500 to compiler/loopopts/superword/TestFuzzPreLoop.java bug list
P4 JDK-8073154 NULL-pointer dereferencing in LIR_OpProfileType::print_instr
P5 JDK-8131778 java disables UseAES flag when using VIS=2 on sparc

hotspot/gc

Priority Bug Summary
P3 JDK-8229420 [Redo] jstat reports incorrect values for OU for CMS GC
P4 JDK-8156028 G1YoungGenSizer _adaptive_size not correct when setting NewSize and MaxNewSize to the same value

hotspot/runtime

Priority Bug Summary
P3 JDK-8231398 Add time tracing for gc log rotation at safepoint cleanup

other-libs

Priority Bug Summary
P4 JDK-8227715 GPLv2 files missing Classpath Exception

security-libs/java.security

Priority Bug Summary
P3 JDK-8233223 Add Amazon Root CA certificates
P3 JDK-8232019 Add LuxTrust certificate updates to the existing root program
P3 JDK-8173956 KeyStore regression due to default keystore being changed to PKCS12
P3 JDK-8037550 Update RFC references in javadoc to RFC 5280
P4 JDK-8055351 sun/security/provider/DSA/TestAlgParameterGenerator.java failed with interrupted! (timed out?)

security-libs/javax.crypto

Priority Bug Summary
P4 JDK-8183591 Incorrect behavior when reading DER value with Integer.MAX_VALUE length
P4 JDK-8221172 SunEC specific test is not limited to SunEC

security-libs/javax.net.ssl

Priority Bug Summary
P4 JDK-8133489 Better messaging for PKIX path validation matching

security-libs/javax.security

Priority Bug Summary
P3 JDK-8044500 Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
P3 JDK-8058290 JAAS Krb5LoginModule has suspect ticket-renewal logic, relies on clockskew grace

security-libs/org.ietf.jgss

Priority Bug Summary
P2 JDK-8226719 Kerberos login to Windows 2000 failed with "Inappropriate type of checksum in message"
P3 JDK-8227381 GSS login fails with PREAUTH_FAILED

security-libs/org.ietf.jgss:krb5

Priority Bug Summary
P2 JDK-8227437 S4U2proxy cannot continue because server's TGT cannot be found
P3 JDK-8132111 Do not request for addresses for forwarded TGT
P3 JDK-8031111 fix krb5 caddr
P3 JDK-8227061 KDC.java test behaves incorrectly when AS-REQ contains a PAData not PA-ENC-TS-ENC
P3 JDK-8186831 Kerberos ignores PA-DATA with a non-null s2kparams
P3 JDK-8201627 Kerberos sequence number issues
P4 JDK-8186576 KerberosTicket does not properly handle renewable tickets at the end of their lifetime
P4 JDK-8233944 Make KerberosPrincipal.KRB_NT_ENTERPRISE field package private
P4 JDK-8215032 Support Kerberos cross-realm referrals (RFC 6806)
P4 JDK-8186884 Test native KDC, Java krb5 lib, and native krb5 lib in one test

tools/javac

Priority Bug Summary
P3 JDK-8067429 java.lang.VerifyError: Inconsistent stackmap frames at branch target