RELEASE NOTES FOR: openjdk8u252 ==================================================================================================== Notes generated: Sat Aug 01 02:06:03 CEST 2020 JIRA Query: project = JDK AND (status in (Closed, Resolved)) AND (resolution not in ("Won't Fix", Duplicate, "Cannot Reproduce", "Not an Issue", Withdrawn)) AND (labels not in (release-note, testbug, openjdk-na, testbug) OR labels is EMPTY) AND (summary !~ 'testbug') AND (summary !~ 'problemlist') AND (summary !~ 'problem list') AND (summary !~ 'release note') AND (issuetype != CSR) AND fixVersion = openjdk8u252 Acquiring pages (163 total): .... done Loading issues (163 total): .... done Resolving issues (163 total): ... done Resolving parents (163 total): ... done JIRA Query: project = JDK AND issuetype = JEP AND fixVersion = openjdk8u252 ORDER BY summary ASC Acquiring pages (0 total): done Loading issues (0 total): done Resolving issues (0 total): done Resolving parents (0 total): done Filtered 0 issues carried over, 161 pushes left. Hint: Prefix bug IDs with https://bugs.openjdk.java.net/browse/ to reach the relevant JIRA entry. JAVA ENHANCEMENT PROPOSALS (JEP): None. RELEASE NOTES, BY COMPONENT: client-libs: JDK-8229245: [client-libs and javaFX] GTK3 Is Now the Default on Linux/Unix Newer versions of Linux, Solaris, and other Unix flavor desktop environments use GTK3, while still supporting GTK2. Previously, the JDK would default to loading the older GTK2 libraries. However, in this release, it defaults to loading GTK3 libraries. Loading is typically triggered by using the Swing GTK Look And Feel. The old behavior can be restored by using the system property: `-Djdk.gtk.version=2.2` client-libs/java.awt: JDK-8203311: GTK3 Is Now the Default on Linux/Unix Newer versions of Linux, Solaris, and other Unix flavor desktop environments use GTK3, while still supporting GTK2. Previously, the JDK would default to loading the older GTK2 libraries. However, in this release, it defaults to loading GTK3 libraries. Loading is typically triggered by using the Swing GTK Look And Feel. If, for any reason, this causes issues for an application, the old behavior can be restored by using the system property: `-Djdk.gtk.version=2.2` hotspot/svc: JDK-8174881: Binary format for HPROF updated When dumping the heap in binary format, HPROF format 1.0.2 is always used now. Previously, format 1.0.1 was used for heaps smaller than 2GB. HPROF format 1.0.2 is also used by jhsdb jmap for the serviceability agent. security-libs/java.security: JDK-8234774: Added 4 Amazon Root CA Certificates The following root certificates have been added to the cacerts truststore: ``` + Amazon + amazonrootca1 DN: CN=Amazon Root CA 1, O=Amazon, C=US + amazonrootca2 DN: CN=Amazon Root CA 2, O=Amazon, C=US + amazonrootca3 DN: CN=Amazon Root CA 3, O=Amazon, C=US + amazonrootca4 DN: CN=Amazon Root CA 4, O=Amazon, C=US ``` JDK-8234215: Added LuxTrust Global Root 2 Certificate The following root certificate has been added to the cacerts truststore: ``` + LuxTrust + luxtrustglobalroot2ca DN: CN=LuxTrust Global Root 2, O=LuxTrust S.A., C=LU ``` JDK-8229518: Added Support for PKCS#1 v2.2 Algorithms Including RSASSA-PSS Signature The SunRsaSign and SunJCE providers have been enhanced with support for more algorithms defined in PKCS#1 v2.2, such as RSASSA-PSS signature and OAEP using FIPS 180-4 digest algorithms. New constructors and methods have been added to relevant JCA/JCE classes under the `java.security.spec` and `javax.crypto.spec` packages for supporting additional RSASSA-PSS parameters. security-libs/javax.crypto: JDK-8205471: RSASSA-PSS Signature Support Added to SunMSCAPI The RSASSA-PSS signature algorithm support has been added to the SunMSCAPI provider. security-libs/javax.security: JDK-8227564: Allow SASL Mechanisms to Be Restricted A security property named `jdk.sasl.disabledMechanisms` has been added that can be used to disable SASL mechanisms. Any disabled mechanism will be ignored if it is specified in the `mechanisms` argument of `Sasl.createSaslClient` or the `mechanism` argument of `Sasl.createSaslServer`. The default value for this security property is empty, which means that no mechanisms are disabled out-of-the-box. ALL FIXED ISSUES, BY COMPONENT: client-libs: JDK-8222496: [8u] Switch on GTK3 as a default GTK L&F in client-libs JDK-8231991: Mouse wheel change focus on awt/swing windows client-libs/2d: JDK-8232381: add result NULL-checking to freetypeScaler.c JDK-8144446: Automate the Marlin crash test JDK-8227662: freetype seeks to index at the end of the font data JDK-8144654: Improve Marlin logging JDK-8235904: Infinite loop when rendering huge lines JDK-8143849: Integrate Marlin renderer per JEP 265 JDK-8145055: Marlin renderer causes unaligned write accesses JDK-8241307: Marlin renderer should not be the default in 8u252 JDK-8144445: Maximum size checking in Marlin ArrayCache utility methods is not optimal JDK-8144718: Pisces / Marlin Strokers may generate invalid curves with huge coordinates and round joins JDK-8144526: Remove Marlin logging use of deleted internal API JDK-8232154: Update Mesa 3-D Headers to version 19.2.1 JDK-8144630: Use PrivilegedAction to create Thread in Marlin RendererStats client-libs/java.awt: JDK-8213119: [macos] java/awt/GraphicsDevice/CheckDisplayModes.java fails JDK-8038631: Create wrapper for awt.Robot with additional functionality JDK-8215756: Memory leaks in the AWT on macOS JDK-8221246: NullPointerException within Win32ShellFolder2 JDK-8234107: Several AWT modal dialog tests failing on Linux after JDK-8231991 JDK-8198649: Switch AWT/Swing's default GTK version to 3 client-libs/javax.swing: JDK-8223158: Docked MacBook cannot start any Java Swing applications JDK-8235744: PIT: test/jdk/javax/swing/text/html/TestJLabelWithHTMLText.java times out in linux-x64 JDK-8230235: Rendering HTML with empty img attribute and documentBaseKey cause Exception core-libs: JDK-8216401: Allow "file:" URLs in Class-Path of local JARs JDK-8138978: Examine usages of sun.misc.IOUtils JDK-8039438: Some tests depend on internal API sun.misc.IOUtils core-libs/java.io: JDK-8080835: Add blocking bulk read operations to java.io.InputStream JDK-8139206: Add InputStream readNBytes(int len) JDK-8229022: BufferedReader performance can be improved by using StringBuilder JDK-8235909: File.exists throws AccessControlException for invalid paths when a SecurityManager is installed JDK-8193832: Performance of InputStream.readAllBytes() could be improved JDK-8236984: Reserved for 2020-01 CPU core-libs/java.io:serialization: JDK-8134424: BlockDataInputStream.readUTFBody: size local StringBuffer with the given length core-libs/java.lang: JDK-8029629: (process) Improvements to test/java/lang/ProcessBuilder/Basic.java JDK-8208715: Conversion of milliseconds to nanoseconds in UNIXProcess contains bug. JDK-8194653: Deadlock involving FileSystems.getDefault and System.loadLibrary call JDK-8231584: Deadlock with ClassLoader.findLibrary and System.loadLibrary call JDK-8240521: Revert backport of 8231584: Deadlock with ClassLoader.findLibrary and System.loadLibrary call core-libs/java.net: JDK-8150460: (linux|bsd|aix)_close.c: file descriptor table may become large or may not work at all JDK-8068184: Fix for JDK-8032832 caused a deadlock JDK-8185898: setRequestProperty(key, null) results in HTTP header without colon in request JDK-8170641: sun/net/www/protocol/https/HttpsURLConnection/PostThruProxy.sh fails with timeout JDK-8233886: TEST_BUG jdk/java/net/CookieHandler/B6791927.java hit hardcoded expiration date core-libs/java.nio: JDK-8219597: (bf) Heap buffer state changes could provoke unexpected exceptions JDK-8196956: (ch) More channels cleanup JDK-8232003: (fs) Files.write can leak file descriptor in the exception case JDK-8229872: (fs) Increase buffer size used with getmntent JDK-8216472: (se) Stack overflow during selection operation leads to crash (win) JDK-8034773: (zipfs) newOutputstream uses CREATE_NEW when no options specified JDK-8028480: (zipfs) NoSuchFileException on creating a file in ZipFileSystem with CREATE and WRITE JDK-7143743: (zipfs) Potential memory leak with zip provider core-libs/java.rmi: JDK-8237368: Problem with NullPointerException in RMI TCPEndpoint.read core-libs/java.util: JDK-8234591: [11u] Build with old C compiler broken by 8223490 JDK-8231124: Missing closedir call with JDK-8223490 JDK-8223490: Optimize search algorithm for determining default time zone JDK-8056313: TEST_BUG: java/util/Timer/NameConstructors.java fails intermittently core-libs/java.util:i18n: JDK-8150432: java/util/Locale/LocaleProviders.sh failed on Win10. JDK-8234288: Turkey Time Zone returns incorrect time zone name core-libs/jdk.nashorn: JDK-8232984: Upgrading Joni License version to 2.1.16 core-svc/javax.management: JDK-8195088: [TEST_BUG] StartManagementAgent got unexpected exception hotspot/compiler: JDK-8187078: -XX:+VerifyOops finds numerous problems when running JPRT JDK-8233023: assert(Opcode() == mem->Opcode() || phase->C->get_alias_index(adr_type()) == Compile::AliasIdxRaw) failed: no mismatched stores, except on raw memory JDK-8225141: Better handling of classes in error state by fast class initialization checks JDK-8236179: C1 register allocation failure with T_ADDRESS JDK-8181872: C1: possible overflow when strength reducing integer multiply by constant JDK-8231430: C2: Memory stomp in max_array_length() for T_ILLEGAL type JDK-8033215: clang: node.cpp:284 IDX_INIT macro use uninitialized field _out JDK-8236178: Debug build failed after 8236058 JDK-8167409: Invalid value passed to critical JNI function JDK-8131778: java disables UseAES flag when using VIS=2 on sparc JDK-8146792: Predicate moved after partial peel may lead to broken graph JDK-8191227: Unsafe handle resolution in ConstantOopWriteValue::write_on() / print_on() and LIR_Assembler::jobject2reg() hotspot/gc: JDK-8229420: [Redo] jstat reports incorrect values for OU for CMS GC JDK-8135318: CMS: wrong max_eden_size for check_gc_overhead_limit JDK-8055283: Expand ResourceHashtable with C_HEAP allocation, removal and some unit tests hotspot/runtime: JDK-8231201: hs_err should print coalesced safepoint operations in Events section JDK-8234264: Incorrect 8047434 JDK 8 backport in 8219677 JDK-8229345: Memory leak due to vtable stubs not being shared on SPARC JDK-8219244: NMT: Change ThreadSafepointState's allocation type from mtInternal to mtThread JDK-8047212: runtime/ParallelClassLoading/bootstrap/random/inner-complex assert(ObjectSynchronizer::verify_objmon_isinpool(inf)) failed: monitor is invalid JDK-8241296: Segfault in JNIHandleBlock::oops_do() JDK-8041620: Solaris Studio 12.4 C++ 5.13 change in behavior for placing friend declarations within surrounding scope JDK-8232355: Two obsolete flags have the wrong obsolete version in 8u hotspot/svc: JDK-8144732: VM_HeapDumper hits assert with bad dump_len hotspot/svc-agent: JDK-8235637: jhsdb jmap from OpenJDK 11.0.5 doesn't work if prelink is enabled infrastructure/build: JDK-8237523: 8u backport of JDK-8216354 didn't include generated-configure.sh changes JDK-8227397: Add --with-extra-asflags configure option JDK-8225392: Comparison builds are failing due to cacerts file JDK-8233995: java.vm.vendor (and potentially other properties/fields) not correctly set in Windows/Hotspot build of OpenJDK8 JDK-8235142: JDK-8193255 backport broke bootstrap with JDK 10 JDK-8193255: Root Certificates should be stored in text format and assembled at build time JDK-8216354: Syntax error in toolchain_windows.m4 JDK-8022263: use same Clang warnings on BSD as on Linux other-libs: JDK-8227715: GPLv2 files missing Classpath Exception security-libs: JDK-8241823: SignedObject throws NullPointerException for null keys with an initialized Signature object JDK-8132130: Some docs cleanup JDK-8233404: System property to set the number of PBE iterations in JCEKS keystores security-libs/java.security: JDK-8233223: Add Amazon Root CA certificates JDK-8225130: Add exception for expiring Comodo roots to VerifyCACerts test JDK-8225128: Add exception for expiring DocuSign root to VerifyCACerts test JDK-8232019: Add LuxTrust certificate updates to the existing root program JDK-8146293: Add support for RSASSA-PSS Signature algorithm JDK-8230978: Add support for RSASSA-PSS Signature algorithm (Java SE 8) JDK-8236470: Deal with ECDSA using ecdsa-with-SHA2 plus hash algorithm as AlgorithmId JDK-8218553: Enhance keystore load debug output JDK-8205720: KeyFactory#getKeySpec and translateKey throws NullPointerException with Invalid key JDK-8173956: KeyStore regression due to default keystore being changed to PKCS12 JDK-8215694: keytool cannot generate RSASSA-PSS certificates JDK-8225745: NoSuchAlgorithmException exception for SHA256withECDSA with RSASSA-PSS support JDK-8206171: Signature#getParameters for RSASSA-PSS throws ProviderException when not initialized JDK-8197441: Signature#initSign/initVerify for an invalid private/public key fails with ClassCastException for SunPKCS11 provider JDK-8225180: SignedObject with invalid Key not throwing the InvalidKeyException in Windows JDK-8175029: StackOverflowError in X509CRL and X509Certificate.verify(PublicKey, Provider) JDK-8214096: sun.security.util.SignatureUtil passes null parameter, so JCE validation fails JDK-8234245: sun/security/lib/cacerts/VerifyCACerts.java fails due to wrong checksum JDK-8055351: sun/security/provider/DSA/TestAlgParameterGenerator.java failed with interrupted! (timed out?) JDK-8166976: TestCipherPBECons has wrong @run line JDK-8037550: Update RFC references in javadoc to RFC 5280 security-libs/javax.crypto: JDK-8205445: Add RSASSA-PSS Signature support to SunMSCAPI JDK-8183591: Incorrect behavior when reading DER value with Integer.MAX_VALUE length JDK-8193262: JNI array not released in libsunmscapi convertToLittleEndian JDK-8213009: Refactoring existing SunMSCAPI classes JDK-8221172: SunEC specific test is not limited to SunEC JDK-8223003: SunMSCAPI keys are not cleaned up JDK-8238502: sunmscapi.dll causing EXCEPTION_ACCESS_VIOLATION JDK-8223063: Support CNG RSA keys JDK-8213010: Supporting keys created with certmgr.exe JDK-8221407: Windows 32bit build error in libsunmscapi/security.cpp security-libs/javax.net.ssl: JDK-8171443: (spec) An ALPN callback function may also ignore ALPN JDK-8158978: ALPN not working when values are set directly on a SSLServerSocket JDK-8145849: ALPN: getHandshakeApplicationProtocol() always return null JDK-8133489: Better messaging for PKIX path validation matching JDK-8170282: Enable ALPN parameters to be supplied during the TLS handshake JDK-8218580: endpoint identification algorithm should be case-insensitive JDK-8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension JDK-8230977: JEP 244: TLS Application-Layer Protocol Negotiation Extension (Java SE 8) JDK-8216039: TLS with BC and RSASSA-PSS breaks ECDHServerKeyExchange security-libs/javax.security: JDK-8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes JDK-8200400: Allow Sasl mechanisms to be restricted JDK-8058290: JAAS Krb5LoginModule has suspect ticket-renewal logic, relies on clockskew grace JDK-8229767: Typo in java.security: Sasl.createClient and Sasl.createServer security-libs/javax.xml.crypto: JDK-8079693: Add support for ECDSA P-384 and P-521 curves to XML Signature JDK-8162723: Array index overflow in Base64 utility class JDK-8038431: Close InputStream when finished retrieving XML Signature HTTP References JDK-8046044: Fix raw and unchecked lint warnings in XML Signature Impl JDK-8079140: IgnoreAllErrorHandler should use doPrivileged when it reads system properties JDK-8031191: Warning exception when XMLSignature logging is enabled JDK-8046724: XML Signature ECKeyValue elements cannot be marshalled or unmarshalled security-libs/org.ietf.jgss: JDK-8227381: GSS login fails with PREAUTH_FAILED JDK-8226719: Kerberos login to Windows 2000 failed with "Inappropriate type of checksum in message" security-libs/org.ietf.jgss:krb5: JDK-8132111: Do not request for addresses for forwarded TGT JDK-8031111: fix krb5 caddr JDK-8227061: KDC.java test behaves incorrectly when AS-REQ contains a PAData not PA-ENC-TS-ENC JDK-8186831: Kerberos ignores PA-DATA with a non-null s2kparams JDK-8186576: KerberosTicket does not properly handle renewable tickets at the end of their lifetime JDK-8233944: Make KerberosPrincipal.KRB_NT_ENTERPRISE field package private JDK-8227437: S4U2proxy cannot continue because server's TGT cannot be found JDK-8005819: Support cross-realm MSSFU JDK-8186884: Test native KDC, Java krb5 lib, and native krb5 lib in one test tools/jconsole: JDK-8236873: Worker has a deadlock bug CARRIED OVER FROM PREVIOUS RELEASES: None.