RELEASE NOTES: JDK openjdk8u302

Notes generated: Tue Nov 01 02:49:46 CET 2022

JEPs

None.

RELEASE NOTES

security-libs/javax.net.ssl

Issue Description
JDK-8206925

Support for certificate_authorities Extension


The "certificate_authorities" extension is an optional extension introduced in TLS 1.3. It is used to indicate the certificate authorities (CAs) that an endpoint supports and should be used by the receiving endpoint to guide certificate selection.

With this JDK release, the "certificate_authorities" extension is supported for TLS 1.3 in both the client and the server sides. This extension is always present for client certificate selection, while it is optional for server certificate selection.

Applications can enable this extension for server certificate selection by setting the jdk.tls.client.enableCAExtension system property to true. The default value of the property is false.

Note that if the client trusts more CAs than the size limit of the extension (less than 2^16 bytes), the extension is not enabled. Also, some server implementations do not allow handshake messages to exceed 2^14 bytes. Consequently, there may be interoperability issues when jdk.tls.client.enableCAExtension is set to true and the client trusts more CAs than the server implementation limit.


JDK-8254631

Improve Encoding of TLS Application-Layer Protocol Negotiation (ALPN) Values


Certain TLS ALPN values couldn't be properly read or written by the SunJSSE provider. This is due to the choice of Strings as the API interface and the undocumented internal use of the UTF-8 Character Set which converts characters larger than U+00007F (7-bit ASCII) into multi-byte arrays that may not be expected by a peer.

ALPN values are now represented using the network byte representation expected by the peer, which should require no modification for standard 7-bit ASCII-based character Strings. However, SunJSSE now encodes/decodes String characters as 8-bit ISO88591/LATIN-1 characters. This means applications that used characters above U+000007F that were previously encoded using UTF-8 may need to either be modified to perform the UTF-8 conversion, or set the Java security property jdk.tls.alpnCharset to "UTF-8" revert the behavior.


Improve Encoding of TLS Application-Layer Protocol Negotiation (ALPN) Values


Certain TLS ALPN values couldn't be properly read or written by the SunJSSE provider. This is due to the choice of Strings as the API interface and the undocumented internal use of the UTF-8 character set which converts characters larger than U+00007F (7-bit ASCII) into multi-byte arrays that may not be expected by a peer.

SunJSSE now encodes/decodes String characters as 8-bit ISO88591/LATIN-1 characters. This means applications that used characters above U+000007F that were previously encoded using UTF-8 may need to either be modified to perform the UTF-8 conversion, or set the Java security property jdk.tls.alpnCharset to "UTF-8" revert the behavior.

See the updated guide at https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/alpn.html for more information.


security-libs/java.security

Issue Description
JDK-8243559

Removed Root Certificates with 1024-bit Keys


The following root certificates with weak 1024-bit RSA public keys have been removed from the cacerts keystore: ``` + alias name "thawtepremiumserverca [jdk]"   Distinguished Name: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA

  • alias name "verisignclass2g2ca [jdk]"   Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US

  • alias name "verisignclass3ca [jdk]"   Distinguished Name: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US

  • alias name "verisignclass3g2ca [jdk]"   Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US

  • alias name "verisigntsaca [jdk]"   Distinguished Name: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA

```


JDK-8225081

Removed Telia Company's Sonera Class2 CA Certificate


The following root certificate has been removed from the cacerts truststore: ` + Telia Company + soneraclass2ca DN: CN=Sonera Class2 CA, O=Sonera, C=FI `


FIXED ISSUES

client-libs

Priority Bug Summary
P4 JDK-8028618 [TEST BUG] javax/swing/JScrollBar/bug4202954/bug4202954.java fails
P4 JDK-8035287 gcc warnings compiling various libraries files
P4 JDK-8249142 java/awt/FontClass/CreateFont/DeleteFont.sh is unstable

client-libs/2d

Priority Bug Summary
P4 JDK-8241829 Cleanup the code for PrinterJob on windows

client-libs/java.awt

Priority Bug Summary
P3 JDK-8262446 DragAndDrop hangs on Windows
P4 JDK-8265238 [8u] [macos] build failure in OpenJDK8u after JDK-8211301 in older xcode
P4 JDK-6990210 [TEST_BUG] EventDispatchThread/HandleExceptionOnEDT/HandleExceptionOnEDT.java fails on gnome
P4 JDK-8134672 [TEST_BUG] Some tests should check isDisplayChangeSupported
P4 JDK-8261867 Backport relevant test changes & additions from JDK-8130125
P4 JDK-8043646 libosxapp.dylib fails to build on Mac OS 10.9 with clang
P4 JDK-8225116 Test OwnedWindowsLeak.java intermittently fails

client-libs/java.beans

Priority Bug Summary
P3 JDK-8030123 java/beans/Introspector/Test8027648.java fails
P3 JDK-8159898 Negative array size in java/beans/Introspector/Test8027905.java

client-libs/javax.accessibility

Priority Bug Summary
P2 JDK-8249278 Revert JDK-8226253 which breaks the spec of AccessibleState.SHOWING for JList
P4 JDK-7106851 Test should not use System.exit

client-libs/javax.imageio

Priority Bug Summary
P3 JDK-8190332 PngReader throws NegativeArraySizeException/OOM error when IHDR width is very large
P4 JDK-7059970 Test case: javax/imageio/plugins/png/ITXtTest.java is not closing a file

client-libs/javax.sound

Priority Bug Summary
P3 JDK-8178403 DirectAudio in JavaSound may hang and leak
P4 JDK-8129511 PlatformMidi.c:83 uses malloc without malloc header

client-libs/javax.swing

Priority Bug Summary
P4 JDK-8078855 [TEST_BUG] javax/swing/JComboBox/8032878/bug8032878.java fails in WindowsClassicLookAndFeel
P4 JDK-8130430 [TEST_BUG] remove unnecessary internal calls from javax/swing/JRadioButton/8075609/bug8075609.java
P4 JDK-8081764 [TEST_BUG] Test javax/swing/plaf/aqua/CustomComboBoxFocusTest.java fails on Windows, Solaris Sparcv9 and Linux but passes on MacOSX
P4 JDK-8196092 javax/swing/JComboBox/8032878/bug8032878.java fails

core-libs/java.io

Priority Bug Summary
P4 JDK-8177809 File.lastModified() is losing milliseconds (always ends in 000)

core-libs/java.lang

Priority Bug Summary
P4 JDK-8241649 Optimize Character.toString

core-libs/java.net

Priority Bug Summary
P4 JDK-8231631 sun/net/ftp/FtpURLConnectionLeak.java fails intermittently with NPE

core-libs/java.nio

Priority Bug Summary
P4 JDK-6878250 (so) IllegalBlockingModeException thrown when reading from a closed SocketChannel's InputStream
P4 JDK-8234011 (zipfs) Memory leak in ZipFileSystem.releaseDeflater()

core-libs/java.rmi

Priority Bug Summary
P4 JDK-8036095 RMI tests using testlibrary.RMID and testlibrary.JavaVM do not pass through vmoptions
P4 JDK-8034999 TEST_BUG: change rmidRunning to a simple lookup
P4 JDK-8032050 TEST_BUG: Clean up for java/rmi/activation/Activatable/shutdownGracefully/ShutdownGracefully.java
P4 JDK-8035000 TEST_BUG: remove ActivationLibrary.DestroyThread and have callers call rmid.destroy() instead
P4 JDK-8035001 TEST_BUG: the retry logic in RMID.start() should check that the subprocess hasn't terminated

core-libs/java.util

Priority Bug Summary
P2 JDK-8075071 [TEST_BUG] TimSortStackSize2.java: OOME: Java heap space: MaxHeap shrinked by MaxRAMFraction
P2 JDK-8199265 java/util/Arrays/TimSortStackSize2.java fails with OOM
P4 JDK-8190679 java/util/Arrays/TimSortStackSize2.java fails with "Initial heap size set to a larger value than the maximum heap size"

core-libs/java.util.logging

Priority Bug Summary
P3 JDK-8252883 AccessDeniedException caused by delayed file deletion on Windows

core-libs/java.util:i18n

Priority Bug Summary
P3 JDK-8262110 DST starts from incorrect time in 2038
P3 JDK-8073446 TimeZone getOffset API does not return a DST offset between years 2038-2137
P3 JDK-8255086 Update the root locale display names

core-libs/javax.naming

Priority Bug Summary
P3 JDK-8258753 StartTlsResponse.close() hangs due to synchronization issues

core-svc

Priority Bug Summary
P3 JDK-8206243 java -XshowSettings fails if memory.limit_in_bytes overflows LONG.max

core-svc/java.lang.instrument

Priority Bug Summary
P3 JDK-8035054 JarFacade.c should not include ctype.h

core-svc/java.lang.management

Priority Bug Summary
P4 JDK-8034857 gcc warnings compiling src/solaris/native/sun/management

core-svc/tools

Priority Bug Summary
P4 JDK-8037825 Fix warnings and enable "warnings as errors" in serviceability native libraries

hotspot

Priority Bug Summary
P2 JDK-8239400 [8u] clean up delete-non-virtual-dtor warnings in HotSpot
P4 JDK-8209996 [PPC64] Fix JFR profiling.
P4 JDK-8269388 default build of jdk8 fails on newer GCCs with warnings as errors on format-overflow

hotspot/compiler

Priority Bug Summary
P2 JDK-8267689 [8u] [aarch64] Crash due to bad shift in indirect addressing mode
P2 JDK-8270533 AArch64: size_fits_all_mem_uses should return false if its output is a CAS
P2 JDK-8217230 assert(t == t_no_spec) failure in NodeHash::check_no_speculative_types()
P2 JDK-8203196 C1 emits incorrect code due to integer overflow in _tableswitch keys
P2 JDK-8266191 Missing aarch64 parts of JDK-8181872(C1: possible overflow when strength reducing integer multiply by constant)
P3 JDK-8247350 [aarch64] assert(false) failed: wrong size of mach node
P3 JDK-8262726 AArch64: C1 StubAssembler::call_RT can corrupt stack
P3 JDK-8134883 C1 hard crash in range check elimination in Nashorn test262parallel
P3 JDK-8259619 C1: 3-arg StubAssembler::call_RT stack-use condition is incorrect
P3 JDK-8071374 Native disassembler implementation may be not thread-safe
P4 JDK-8191955 AArch64: incorrect prefetch distance causes an internal error
P4 JDK-8260255 C1: LoopInvariantCodeMotion constructor can leave some fields uninitialized
P4 JDK-8033289 clang: clean up unused function warning
P4 JDK-8230428 Cleanup dead CastIP node code in formssel.cpp
P4 JDK-8263504 Some OutputMachOpcodes fields are uninitialized

hotspot/gc

Priority Bug Summary
P1 JDK-8064909 FragmentMetaspace.java got OutOfMemoryError
P2 JDK-8264640 CMS ParScanClosure misses a barrier
P2 JDK-8183910 gc/arguments/TestAggressiveHeap.java fails intermittently
P2 JDK-8259271 gc/parallel/TestDynShrinkHeap.java still fails "assert(covered_region.contains(new_memregion)) failed: new region is not in covered_region"
P2 JDK-8257999 Parallel GC crash in gc/parallel/TestDynShrinkHeap.java: new region is not in covered_region
P2 JDK-8260704 ParallelGC: oldgen expansion needs release-store for _end
P2 JDK-8200550 Xcode 9.3 produce warning -Wexpansion-to-defined
P4 JDK-8257039 [8u] GenericTaskQueue destructor is incorrect
P4 JDK-8042891 Format issues embedded in macros for two g1 source files
P4 JDK-8132148 G1 hs_err region dump legend out of sync with region values
P4 JDK-8166724 gc/g1/TestHumongousShrinkHeap.java fails with OOME
P4 JDK-8130308 Too low memory usage in TestPromotionFromSurvivorToTenuredAfterMinorGC.java

hotspot/jfr

Priority Bug Summary
P3 JDK-8266723 JFR periodic events are causing extra allocations
P4 JDK-8264562 assert(verify_field_bit(1)) failed: Attempting to write an uninitialized event field: type
P4 JDK-8258669 fastdebug jvm crashes when do event based tracing for monitor inflation

hotspot/jvmti

Priority Bug Summary
P3 JDK-8217348 assert(thread->is_Java_thread()) failed: just checking

hotspot/runtime

Priority Bug Summary
P2 JDK-8239053 [8u] clean up undefined-var-template warnings
P2 JDK-8267235 [macos_aarch64] InterpreterRuntime::throw_pending_exception messing up LR results in crash
P3 JDK-8255734 VM should ignore SIGXFSZ on ppc64, s390 too
P4 JDK-8231949 [PPC64, s390]: Make async profiling more reliable
P4 JDK-8231841 AArch64: debug.cpp help() is missing an AArch64 line for pns
P4 JDK-8260029 aarch64: fix typo in verify_oop_array
P4 JDK-8260236 better init AnnotationCollector _contended_group
P4 JDK-8055754 filemap.cpp does not compile with clang
P4 JDK-8253375 OSX build fails with Xcode 12.0 (12A7209)
P4 JDK-8265832 runtime/StackGap/testme.sh fails to compile in 8u
P4 JDK-8264816 Weak handles leak causes GC to take longer

hotspot/svc

Priority Bug Summary
P3 JDK-8172188 JDI tests fail due to "permission denied" when creating temp file
P4 JDK-8043264 hsdis library not picked up correctly on expected paths

hotspot/test

Priority Bug Summary
P4 JDK-8267426 MonitorVmStartTerminate test timed out on Embedded VM

infrastructure

Priority Bug Summary
P4 JDK-8267545 [8u] Enable Xcode 12 builds on macOS

infrastructure/build

Priority Bug Summary
P2 JDK-8138820 JDK Hotspot build fails with Xcode 7.0.1
P3 JDK-8019470 Changes needed to compile JDK 8 on MacOS with clang compiler
P4 JDK-8077364 "if( !this )" construct prevents build on Xcode 6.3
P4 JDK-8263061 copy wrong unpack200.diz to bin directory on linux after 8252395
P4 JDK-8265666 Enable AIX build platform to make external debug symbols
P4 JDK-8262730 Enable jdk8u MacOS external debug symbols
P4 JDK-8250876 Fix issues with cross-compile on macos
P4 JDK-8269468 JDK-8269388 breaks the build on older GCCs
P4 JDK-8264509 jdk8u MacOS zipped debug symbols won't build
P4 JDK-8066508 JTReg tests timeout on slow devices when run using JPRT
P4 JDK-8262864 No debug symbols in image for Windows --with-native-debug-symbols=external

security-libs

Priority Bug Summary
P4 JDK-8205014 com/sun/jndi/ldap/DeadSSLLdapTimeoutTest.java failed with "Read timed out"

security-libs/java.security

Priority Bug Summary
P2 JDK-8156584 Initialization race in sun.security.x509.AlgorithmId.get
P3 JDK-8202299 Java Keystore fails to load PKCS12/PFX certificates created in WindowsServer2016
P3 JDK-8242565 Policy initialization issues when the denyAfter constraint is enabled
P3 JDK-8243559 Remove root certificates with 1024-bit keys
P3 JDK-8225081 Remove Telia Company CA certificate expiring in April 2021
P3 JDK-8266929 Unable to use algorithms from 3p providers
P4 JDK-8268444 keytool -v -list print is incorrect after backport JDK-8141457

security-libs/javax.crypto

Priority Bug Summary
P3 JDK-8258419 RSA cipher buffer cleanup

security-libs/javax.crypto:pkcs11

Priority Bug Summary
P4 JDK-8034856 gcc warnings compiling src/solaris/native/sun/security/pkcs11
P4 JDK-8265462 Handle multiple slots in the NSS Internal Module from SunPKCS11's Secmod
P4 JDK-8261355 No data buffering in SunPKCS11 Cipher encryption when the underlying mechanism has no padding

security-libs/javax.net.ssl

Priority Bug Summary
P2 JDK-8256818 SSLSocket that is never bound or connected leaks socket resources
P3 JDK-8254631 Better support ALPN byte wire values in SunJSSE
P3 JDK-8228757 Fail fast if the handshake type is unknown
P3 JDK-8257997 sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java again reports leaks after JDK-8257884
P3 JDK-8257670 sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java reports leaks
P3 JDK-8206925 Support the certificate_authorities extension
P4 JDK-8259886 Improve SSL session cache performance and scalability
P4 JDK-8257884 Re-enable sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java as automatic test

security-libs/org.ietf.jgss

Priority Bug Summary
P3 JDK-8074835 Resolve disabled warnings for libj2gss

security-libs/org.ietf.jgss:krb5

Priority Bug Summary
P3 JDK-8074836 Resolve disabled warnings for libosxkrb5

tools

Priority Bug Summary
P4 JDK-8180478 tools/launcher/MultipleJRE.sh fails on Windows because of extra-''

tools/javac

Priority Bug Summary
P3 JDK-8260484 CheckExamples.java / NoJavaLangTest.java fail with jtreg 4.2
P3 JDK-8066807 langtools/test/Makefile should use -agentvm not -samevm
P4 JDK-8214345 infinite recursion while checking super class