RELEASE NOTES: JDK openjdk8u242

Notes generated: Mon Apr 01 21:57:14 CEST 2024

JEPs

None.

RELEASE NOTES

security-libs/org.ietf.jgss:krb5

Issue Description

Issue	Description
JDK-8201627	Kerberos Sequence Number Issues Previously, when mutual authentication was not requested by the Kerberos 5 initiator, there was no mechanism to negotiate the acceptor's initial sequence number. With this release, if the system property `sun.security.krb5.acceptor.sequence.number.nonmutual` is set to `initiator`, the SunJGSS provider will use the initiator's initial sequence number as the acceptor's initial sequence number. If set to `zero` or `0`, 0 is used. The default value is `initiator`. All other values are illegal and will throw an Error when the system property is read.
JDK-8215032	Support for Kerberos Cross-Realm Referrals (RFC 6806) The Kerberos client has been enhanced with the support of principal name canonicalization and cross-realm referrals, as defined by the RFC 6806 protocol extension. As a result of this new feature, the Kerberos client can take advantage of more dynamic environment configurations and does not necessarily need to know (in advance) how to reach the realm of a target principal (user or service). Support is enabled by default and 5 is the maximum number of referral hops allowed. To turn it off, set the `sun.security.krb5.disableReferrals` security or system property to false. To configure a custom maximum number of referral hops, set the `sun.security.krb5.maxReferrals` security or system property to any positive value. See further information in JDK-8223172.

JDK-8201627

Kerberos Sequence Number Issues

Previously, when mutual authentication was not requested by the Kerberos 5 initiator, there was no mechanism to negotiate the acceptor's initial sequence number. With this release, if the system property sun.security.krb5.acceptor.sequence.number.nonmutual is set to initiator, the SunJGSS provider will use the initiator's initial sequence number as the acceptor's initial sequence number. If set to zero or 0, 0 is used. The default value is initiator. All other values are illegal and will throw an Error when the system property is read.

JDK-8215032

Support for Kerberos Cross-Realm Referrals (RFC 6806)

The Kerberos client has been enhanced with the support of principal name canonicalization and cross-realm referrals, as defined by the RFC 6806 protocol extension.

As a result of this new feature, the Kerberos client can take advantage of more dynamic environment configurations and does not necessarily need to know (in advance) how to reach the realm of a target principal (user or service).

Support is enabled by default and 5 is the maximum number of referral hops allowed. To turn it off, set the sun.security.krb5.disableReferrals security or system property to false. To configure a custom maximum number of referral hops, set the sun.security.krb5.maxReferrals security or system property to any positive value.

See further information in JDK-8223172.

client-libs

Issue Description

Issue	Description
JDK-8222496	[client-libs and javaFX] GTK3 Is Now the Default on Linux/Unix Newer versions of Linux, Solaris, and other Unix flavor desktop environments use GTK3, while still supporting GTK2. Previously, the JDK would default to loading the older GTK2 libraries. However, in this release, it defaults to loading GTK3 libraries. Loading is typically triggered by using the Swing GTK Look And Feel. The old behavior can be restored by using the system property: `-Djdk.gtk.version=2.2`

JDK-8222496

[client-libs and javaFX] GTK3 Is Now the Default on Linux/Unix

Newer versions of Linux, Solaris, and other Unix flavor desktop environments use GTK3, while still supporting GTK2.

Previously, the JDK would default to loading the older GTK2 libraries. However, in this release, it defaults to loading GTK3 libraries. Loading is typically triggered by using the Swing GTK Look And Feel.

The old behavior can be restored by using the system property: -Djdk.gtk.version=2.2

client-libs/java.awt

Issue Description

Issue	Description
JDK-8198649	GTK3 Is Now the Default on Linux/Unix Newer versions of Linux, Solaris, and other Unix flavor desktop environments use GTK3, while still supporting GTK2. Previously, the JDK would default to loading the older GTK2 libraries. However, in this release, it defaults to loading GTK3 libraries. Loading is typically triggered by using the Swing GTK Look And Feel. If, for any reason, this causes issues for an application, the old behavior can be restored by using the system property: `-Djdk.gtk.version=2.2`

JDK-8198649

GTK3 Is Now the Default on Linux/Unix

Newer versions of Linux, Solaris, and other Unix flavor desktop environments use GTK3, while still supporting GTK2.

If, for any reason, this causes issues for an application, the old behavior can be restored by using the system property: -Djdk.gtk.version=2.2

security-libs/java.security

Issue Description

Issue	Description
JDK-8232019	Added LuxTrust Global Root 2 Certificate The following root certificate has been added to the cacerts truststore: ``` + LuxTrust + luxtrustglobalroot2ca `DN: CN=LuxTrust Global Root 2, O=LuxTrust S.A., C=LU` ```
JDK-8233223	Added 4 Amazon Root CA Certificates The following root certificates have been added to the cacerts truststore: ``` + Amazon + amazonrootca1 DN: CN=Amazon Root CA 1, O=Amazon, C=US amazonrootca2 DN: CN=Amazon Root CA 2, O=Amazon, C=US amazonrootca3 DN: CN=Amazon Root CA 3, O=Amazon, C=US amazonrootca4 DN: CN=Amazon Root CA 4, O=Amazon, C=US ```

JDK-8232019

Added LuxTrust Global Root 2 Certificate

The following root certificate has been added to the cacerts truststore: ``` + LuxTrust + luxtrustglobalroot2ca

DN: CN=LuxTrust Global Root 2, O=LuxTrust S.A., C=LU

```

JDK-8233223

Added 4 Amazon Root CA Certificates

The following root certificates have been added to the cacerts truststore: ``` + Amazon + amazonrootca1 DN: CN=Amazon Root CA 1, O=Amazon, C=US

amazonrootca2 DN: CN=Amazon Root CA 2, O=Amazon, C=US
amazonrootca3 DN: CN=Amazon Root CA 3, O=Amazon, C=US
amazonrootca4 DN: CN=Amazon Root CA 4, O=Amazon, C=US ```

FIXED ISSUES

client-libs

Priority	Bug	Summary
P2	JDK-8222496	[8u] Switch on GTK3 as a default GTK L&F in client-libs

client-libs/2d

Priority	Bug	Summary
P3	JDK-8215210	[macos] Hangul text does not shape to the precomposed form on JDK8u
P3	JDK-8232381	add result NULL-checking to freetypeScaler.c
P3	JDK-8212071	Need to set the FreeType LCD Filter to reduce fringing.

client-libs/java.awt

Priority	Bug	Summary
P2	JDK-8213119	[macos] java/awt/GraphicsDevice/CheckDisplayModes.java fails
P2	JDK-8198649	Switch AWT/Swing's default GTK version to 3
P3	JDK-8221246	NullPointerException within Win32ShellFolder2

client-libs/javax.accessibility

Priority	Bug	Summary
P4	JDK-8132249	Clean up JAB debugging code

core-libs

Priority	Bug	Summary
P2	JDK-8138978	Examine usages of sun.misc.IOUtils
P3	JDK-8216401	Allow "file:" URLs in Class-Path of local JARs
P3	JDK-8039438	Some tests depend on internal API sun.misc.IOUtils

core-libs/java.io

Priority	Bug	Summary
P3	JDK-8080835	Add blocking bulk read operations to java.io.InputStream
P4	JDK-8139206	Add InputStream readNBytes(int len)
P4	JDK-8235909	File.exists throws AccessControlException for invalid paths when a SecurityManager is installed
P4	JDK-8193832	Performance of InputStream.readAllBytes() could be improved
P4	JDK-8236984	Reserved for 2020-01 CPU

core-libs/java.io:serialization

Priority	Bug	Summary
P3	JDK-8134424	BlockDataInputStream.readUTFBody: size local StringBuffer with the given length

core-libs/java.lang

Priority	Bug	Summary
P3	JDK-8194653	Deadlock involving FileSystems.getDefault and System.loadLibrary call
P3	JDK-8231584	Deadlock with ClassLoader.findLibrary and System.loadLibrary call
P4	JDK-8029629	(process) Improvements to test/java/lang/ProcessBuilder/Basic.java
P4	JDK-8208715	Conversion of milliseconds to nanoseconds in UNIXProcess contains bug.

core-libs/java.net

Priority	Bug	Summary
P3	JDK-8185898	setRequestProperty(key, null) results in HTTP header without colon in request
P3	JDK-8233886	TEST_BUG jdk/java/net/CookieHandler/B6791927.java hit hardcoded expiration date
P4	JDK-8170641	sun/net/www/protocol/https/HttpsURLConnection/PostThruProxy.sh fails with timeout

core-libs/java.nio

Priority	Bug	Summary
P4	JDK-8196956	(ch) More channels cleanup

core-libs/java.util

Priority	Bug	Summary
P3	JDK-8223490	Optimize search algorithm for determining default time zone
P4	JDK-8234591	[11u] Build with old C compiler broken by 8223490
P4	JDK-8231124	Missing closedir call with JDK-8223490

core-libs/jdk.nashorn

Priority	Bug	Summary
P4	JDK-8232984	Upgrading Joni to 2.1.16

core-svc/javax.management

Priority	Bug	Summary
P3	JDK-8195088	[TEST_BUG] StartManagementAgent got unexpected exception

hotspot/compiler

Priority	Bug	Summary
P2	JDK-8134739	compiler/loopopts/superword/TestVectorizationWithInvariant crashes in loop opts
P2	JDK-8236178	Debug build failed after 8236058
P2	JDK-8231988	Unexpected test result caused by C2 IdealLoopTree::do_remove_empty_loop
P3	JDK-8225141	Better handling of classes in error state by fast class initialization checks
P3	JDK-8133951	Zero interpreter asserts in stubRoutines.cpp
P4	JDK-8230238	Add another regression test for JDK-8134739
P4	JDK-8230813	Add JDK-8010500 to compiler/loopopts/superword/TestFuzzPreLoop.java bug list
P4	JDK-8073154	NULL-pointer dereferencing in LIR_OpProfileType::print_instr
P5	JDK-8131778	java disables UseAES flag when using VIS=2 on sparc

hotspot/gc

Priority	Bug	Summary
P3	JDK-8229420	[Redo] jstat reports incorrect values for OU for CMS GC
P4	JDK-8156028	G1YoungGenSizer _adaptive_size not correct when setting NewSize and MaxNewSize to the same value

hotspot/runtime

Priority	Bug	Summary
P3	JDK-8231398	Add time tracing for gc log rotation at safepoint cleanup

other-libs

Priority	Bug	Summary
P4	JDK-8227715	GPLv2 files missing Classpath Exception

security-libs/java.security

Priority	Bug	Summary
P3	JDK-8233223	Add Amazon Root CA certificates
P3	JDK-8232019	Add LuxTrust certificate updates to the existing root program
P3	JDK-8173956	KeyStore regression due to default keystore being changed to PKCS12
P3	JDK-8037550	Update RFC references in javadoc to RFC 5280
P4	JDK-8055351	sun/security/provider/DSA/TestAlgParameterGenerator.java failed with interrupted! (timed out?)

security-libs/javax.crypto

Priority	Bug	Summary
P4	JDK-8183591	Incorrect behavior when reading DER value with Integer.MAX_VALUE length
P4	JDK-8221172	SunEC specific test is not limited to SunEC

security-libs/javax.net.ssl

Priority	Bug	Summary
P4	JDK-8133489	Better messaging for PKIX path validation matching

security-libs/javax.security

Priority	Bug	Summary
P3	JDK-8044500	Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
P3	JDK-8058290	JAAS Krb5LoginModule has suspect ticket-renewal logic, relies on clockskew grace

security-libs/org.ietf.jgss

Priority	Bug	Summary
P2	JDK-8226719	Kerberos login to Windows 2000 failed with "Inappropriate type of checksum in message"
P3	JDK-8227381	GSS login fails with PREAUTH_FAILED

security-libs/org.ietf.jgss:krb5

Priority	Bug	Summary
P2	JDK-8227437	S4U2proxy cannot continue because server's TGT cannot be found
P3	JDK-8132111	Do not request for addresses for forwarded TGT
P3	JDK-8031111	fix krb5 caddr
P3	JDK-8227061	KDC.java test behaves incorrectly when AS-REQ contains a PAData not PA-ENC-TS-ENC
P3	JDK-8186831	Kerberos ignores PA-DATA with a non-null s2kparams
P3	JDK-8201627	Kerberos sequence number issues
P4	JDK-8186576	KerberosTicket does not properly handle renewable tickets at the end of their lifetime
P4	JDK-8233944	Make KerberosPrincipal.KRB_NT_ENTERPRISE field package private
P4	JDK-8215032	Support Kerberos cross-realm referrals (RFC 6806)
P4	JDK-8186884	Test native KDC, Java krb5 lib, and native krb5 lib in one test

tools/javac

Priority	Bug	Summary
P3	JDK-8067429	java.lang.VerifyError: Inconsistent stackmap frames at branch target