RELEASE NOTES: JDK openjdk8u302

Notes generated: Tue Apr 02 00:41:21 CEST 2024

JEPs

None.

RELEASE NOTES

security-libs/javax.net.ssl

Issue Description

Issue	Description
JDK-8254631	Improve Encoding of TLS Application-Layer Protocol Negotiation (ALPN) Values Certain TLS ALPN values couldn't be properly read or written by the SunJSSE provider. This is due to the choice of Strings as the API interface and the undocumented internal use of the UTF-8 Character Set which converts characters larger than U+00007F (7-bit ASCII) into multi-byte arrays that may not be expected by a peer. ALPN values are now represented using the network byte representation expected by the peer, which should require no modification for standard 7-bit ASCII-based character Strings. However, SunJSSE now encodes/decodes String characters as 8-bit ISO88591/LATIN-1 characters. This means applications that used characters above U+000007F that were previously encoded using UTF-8 may need to either be modified to perform the UTF-8 conversion, or set the Java security property `jdk.tls.alpnCharset` to "UTF-8" revert the behavior.
Improve Encoding of TLS Application-Layer Protocol Negotiation (ALPN) Values Certain TLS ALPN values couldn't be properly read or written by the SunJSSE provider. This is due to the choice of Strings as the API interface and the undocumented internal use of the UTF-8 character set which converts characters larger than U+00007F (7-bit ASCII) into multi-byte arrays that may not be expected by a peer. SunJSSE now encodes/decodes String characters as 8-bit ISO88591/LATIN-1 characters. This means applications that used characters above U+000007F that were previously encoded using UTF-8 may need to either be modified to perform the UTF-8 conversion, or set the Java security property `jdk.tls.alpnCharset` to "UTF-8" revert the behavior. See the updated guide at https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/alpn.html for more information.
JDK-8206925	Support for certificate_authorities Extension The "certificate_authorities" extension is an optional extension introduced in TLS 1.3. It is used to indicate the certificate authorities (CAs) that an endpoint supports and should be used by the receiving endpoint to guide certificate selection. With this JDK release, the "certificate_authorities" extension is supported for TLS 1.3 in both the client and the server sides. This extension is always present for client certificate selection, while it is optional for server certificate selection. Applications can enable this extension for server certificate selection by setting the `jdk.tls.client.enableCAExtension` system property to `true`. The default value of the property is `false`. Note that if the client trusts more CAs than the size limit of the extension (less than 2^16 bytes), the extension is not enabled. Also, some server implementations do not allow handshake messages to exceed 2^14 bytes. Consequently, there may be interoperability issues when `jdk.tls.client.enableCAExtension` is set to `true` and the client trusts more CAs than the server implementation limit.

Improve Encoding of TLS Application-Layer Protocol Negotiation (ALPN) Values

Certain TLS ALPN values couldn't be properly read or written by the SunJSSE provider. This is due to the choice of Strings as the API interface and the undocumented internal use of the UTF-8 Character Set which converts characters larger than U+00007F (7-bit ASCII) into multi-byte arrays that may not be expected by a peer.

ALPN values are now represented using the network byte representation expected by the peer, which should require no modification for standard 7-bit ASCII-based character Strings. However, SunJSSE now encodes/decodes String characters as 8-bit ISO88591/LATIN-1 characters. This means applications that used characters above U+000007F that were previously encoded using UTF-8 may need to either be modified to perform the UTF-8 conversion, or set the Java security property jdk.tls.alpnCharset to "UTF-8" revert the behavior.

Improve Encoding of TLS Application-Layer Protocol Negotiation (ALPN) Values

Certain TLS ALPN values couldn't be properly read or written by the SunJSSE provider. This is due to the choice of Strings as the API interface and the undocumented internal use of the UTF-8 character set which converts characters larger than U+00007F (7-bit ASCII) into multi-byte arrays that may not be expected by a peer.

SunJSSE now encodes/decodes String characters as 8-bit ISO88591/LATIN-1 characters. This means applications that used characters above U+000007F that were previously encoded using UTF-8 may need to either be modified to perform the UTF-8 conversion, or set the Java security property jdk.tls.alpnCharset to "UTF-8" revert the behavior.

See the updated guide at https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/alpn.html for more information.

JDK-8206925

Support for certificate_authorities Extension

The "certificate_authorities" extension is an optional extension introduced in TLS 1.3. It is used to indicate the certificate authorities (CAs) that an endpoint supports and should be used by the receiving endpoint to guide certificate selection.

With this JDK release, the "certificate_authorities" extension is supported for TLS 1.3 in both the client and the server sides. This extension is always present for client certificate selection, while it is optional for server certificate selection.

Applications can enable this extension for server certificate selection by setting the jdk.tls.client.enableCAExtension system property to true. The default value of the property is false.

Note that if the client trusts more CAs than the size limit of the extension (less than 2^16 bytes), the extension is not enabled. Also, some server implementations do not allow handshake messages to exceed 2^14 bytes. Consequently, there may be interoperability issues when jdk.tls.client.enableCAExtension is set to true and the client trusts more CAs than the server implementation limit.

security-libs/java.security

Issue Description

Issue	Description
JDK-8225081	Removed Telia Company's Sonera Class2 CA Certificate The following root certificate has been removed from the cacerts truststore: ` + Telia Company + soneraclass2ca DN: CN=Sonera Class2 CA, O=Sonera, C=FI`
JDK-8243559	Removed Root Certificates with 1024-bit Keys The following root certificates with weak 1024-bit RSA public keys have been removed from the `cacerts` keystore: ``` + alias name "thawtepremiumserverca [jdk]" Distinguished Name: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA alias name "verisignclass2g2ca [jdk]" Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US alias name "verisignclass3ca [jdk]" Distinguished Name: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US alias name "verisignclass3g2ca [jdk]" Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US alias name "verisigntsaca [jdk]" Distinguished Name: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA ```

JDK-8225081

Removed Telia Company's Sonera Class2 CA Certificate

The following root certificate has been removed from the cacerts truststore: ` + Telia Company + soneraclass2ca DN: CN=Sonera Class2 CA, O=Sonera, C=FI`

JDK-8243559

Removed Root Certificates with 1024-bit Keys

The following root certificates with weak 1024-bit RSA public keys have been removed from the cacerts keystore: ``` + alias name "thawtepremiumserverca [jdk]" Distinguished Name: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA

alias name "verisignclass2g2ca [jdk]" Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
alias name "verisignclass3ca [jdk]" Distinguished Name: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
alias name "verisignclass3g2ca [jdk]" Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
alias name "verisigntsaca [jdk]" Distinguished Name: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA

```

FIXED ISSUES

client-libs

Priority	Bug	Summary
P4	JDK-8028618	[TEST BUG] javax/swing/JScrollBar/bug4202954/bug4202954.java fails
P4	JDK-8035287	gcc warnings compiling various libraries files
P4	JDK-8249142	java/awt/FontClass/CreateFont/DeleteFont.sh is unstable

client-libs/2d

Priority	Bug	Summary
P4	JDK-8241829	Cleanup the code for PrinterJob on windows

client-libs/java.awt

Priority	Bug	Summary
P3	JDK-8262446	DragAndDrop hangs on Windows
P4	JDK-8265238	[8u] [macos] build failure in OpenJDK8u after JDK-8211301 in older xcode
P4	JDK-6990210	[TEST_BUG] EventDispatchThread/HandleExceptionOnEDT/HandleExceptionOnEDT.java fails on gnome
P4	JDK-8134672	[TEST_BUG] Some tests should check isDisplayChangeSupported
P4	JDK-8261867	Backport relevant test changes & additions from JDK-8130125
P4	JDK-8043646	libosxapp.dylib fails to build on Mac OS 10.9 with clang
P4	JDK-8225116	Test OwnedWindowsLeak.java intermittently fails

client-libs/java.beans

Priority	Bug	Summary
P3	JDK-8030123	java/beans/Introspector/Test8027648.java fails
P3	JDK-8159898	Negative array size in java/beans/Introspector/Test8027905.java

client-libs/javax.accessibility

Priority	Bug	Summary
P2	JDK-8249278	Revert JDK-8226253 which breaks the spec of AccessibleState.SHOWING for JList
P4	JDK-7106851	Test should not use System.exit

client-libs/javax.imageio

Priority	Bug	Summary
P3	JDK-8190332	PngReader throws NegativeArraySizeException/OOM error when IHDR width is very large
P4	JDK-7059970	Test case: javax/imageio/plugins/png/ITXtTest.java is not closing a file

client-libs/javax.sound

Priority	Bug	Summary
P3	JDK-8178403	DirectAudio in JavaSound may hang and leak
P4	JDK-8129511	PlatformMidi.c:83 uses malloc without malloc header

client-libs/javax.swing

Priority	Bug	Summary
P4	JDK-8078855	[TEST_BUG] javax/swing/JComboBox/8032878/bug8032878.java fails in WindowsClassicLookAndFeel
P4	JDK-8130430	[TEST_BUG] remove unnecessary internal calls from javax/swing/JRadioButton/8075609/bug8075609.java
P4	JDK-8081764	[TEST_BUG] Test javax/swing/plaf/aqua/CustomComboBoxFocusTest.java fails on Windows, Solaris Sparcv9 and Linux but passes on MacOSX
P4	JDK-8196092	javax/swing/JComboBox/8032878/bug8032878.java fails

core-libs/java.io

Priority	Bug	Summary
P4	JDK-8177809	File.lastModified() is losing milliseconds (always ends in 000)

core-libs/java.lang

Priority	Bug	Summary
P4	JDK-8241649	Optimize Character.toString

core-libs/java.net

Priority	Bug	Summary
P4	JDK-8231631	sun/net/ftp/FtpURLConnectionLeak.java fails intermittently with NPE

core-libs/java.nio

Priority	Bug	Summary
P4	JDK-6878250	(so) IllegalBlockingModeException thrown when reading from a closed SocketChannel's InputStream
P4	JDK-8234011	(zipfs) Memory leak in ZipFileSystem.releaseDeflater()

core-libs/java.rmi

Priority	Bug	Summary
P4	JDK-8036095	RMI tests using testlibrary.RMID and testlibrary.JavaVM do not pass through vmoptions
P4	JDK-8034999	TEST_BUG: change rmidRunning to a simple lookup
P4	JDK-8032050	TEST_BUG: Clean up for java/rmi/activation/Activatable/shutdownGracefully/ShutdownGracefully.java
P4	JDK-8035000	TEST_BUG: remove ActivationLibrary.DestroyThread and have callers call rmid.destroy() instead
P4	JDK-8035001	TEST_BUG: the retry logic in RMID.start() should check that the subprocess hasn't terminated

core-libs/java.util

Priority	Bug	Summary
P2	JDK-8075071	[TEST_BUG] TimSortStackSize2.java: OOME: Java heap space: MaxHeap shrinked by MaxRAMFraction
P2	JDK-8199265	java/util/Arrays/TimSortStackSize2.java fails with OOM
P4	JDK-8190679	java/util/Arrays/TimSortStackSize2.java fails with "Initial heap size set to a larger value than the maximum heap size"

core-libs/java.util.logging

Priority	Bug	Summary
P3	JDK-8252883	AccessDeniedException caused by delayed file deletion on Windows

core-libs/java.util:i18n

Priority	Bug	Summary
P3	JDK-8262110	DST starts from incorrect time in 2038
P3	JDK-8073446	TimeZone getOffset API does not return a DST offset between years 2038-2137
P3	JDK-8255086	Update the root locale display names

core-libs/javax.naming

Priority	Bug	Summary
P3	JDK-8258753	StartTlsResponse.close() hangs due to synchronization issues

core-svc

Priority	Bug	Summary
P3	JDK-8206243	java -XshowSettings fails if memory.limit_in_bytes overflows LONG.max

core-svc/java.lang.instrument

Priority	Bug	Summary
P3	JDK-8035054	JarFacade.c should not include ctype.h

core-svc/java.lang.management

Priority	Bug	Summary
P4	JDK-8034857	gcc warnings compiling src/solaris/native/sun/management

core-svc/tools

Priority	Bug	Summary
P4	JDK-8037825	Fix warnings and enable "warnings as errors" in serviceability native libraries

hotspot/compiler

Priority	Bug	Summary
P2	JDK-8267689	[8u] [aarch64] Crash due to bad shift in indirect addressing mode
P2	JDK-8270533	AArch64: size_fits_all_mem_uses should return false if its output is a CAS
P2	JDK-8217230	assert(t == t_no_spec) failure in NodeHash::check_no_speculative_types()
P2	JDK-8203196	C1 emits incorrect code due to integer overflow in _tableswitch keys
P2	JDK-8266191	Missing aarch64 parts of JDK-8181872(C1: possible overflow when strength reducing integer multiply by constant)
P3	JDK-8247350	[aarch64] assert(false) failed: wrong size of mach node
P3	JDK-8262726	AArch64: C1 StubAssembler::call_RT can corrupt stack
P3	JDK-8134883	C1 hard crash in range check elimination in Nashorn test262parallel
P3	JDK-8259619	C1: 3-arg StubAssembler::call_RT stack-use condition is incorrect
P3	JDK-8071374	Native disassembler implementation may be not thread-safe
P4	JDK-8191955	AArch64: incorrect prefetch distance causes an internal error
P4	JDK-8260255	C1: LoopInvariantCodeMotion constructor can leave some fields uninitialized
P4	JDK-8033289	clang: clean up unused function warning
P4	JDK-8230428	Cleanup dead CastIP node code in formssel.cpp
P4	JDK-8263504	Some OutputMachOpcodes fields are uninitialized

hotspot/gc

Priority	Bug	Summary
P1	JDK-8064909	FragmentMetaspace.java got OutOfMemoryError
P2	JDK-8264640	CMS ParScanClosure misses a barrier
P2	JDK-8183910	gc/arguments/TestAggressiveHeap.java fails intermittently
P2	JDK-8259271	gc/parallel/TestDynShrinkHeap.java still fails "assert(covered_region.contains(new_memregion)) failed: new region is not in covered_region"
P2	JDK-8257999	Parallel GC crash in gc/parallel/TestDynShrinkHeap.java: new region is not in covered_region
P2	JDK-8260704	ParallelGC: oldgen expansion needs release-store for _end
P2	JDK-8200550	Xcode 9.3 produce warning -Wexpansion-to-defined
P4	JDK-8257039	[8u] GenericTaskQueue destructor is incorrect
P4	JDK-8042891	Format issues embedded in macros for two g1 source files
P4	JDK-8132148	G1 hs_err region dump legend out of sync with region values
P4	JDK-8166724	gc/g1/TestHumongousShrinkHeap.java fails with OOME
P4	JDK-8130308	Too low memory usage in TestPromotionFromSurvivorToTenuredAfterMinorGC.java

hotspot/jfr

Priority	Bug	Summary
P3	JDK-8266723	JFR periodic events are causing extra allocations
P4	JDK-8209996	[PPC64] Fix JFR profiling.
P4	JDK-8264562	assert(verify_field_bit(1)) failed: Attempting to write an uninitialized event field: type
P4	JDK-8258669	fastdebug jvm crashes when do event based tracing for monitor inflation

hotspot/jvmti

Priority	Bug	Summary
P3	JDK-8217348	assert(thread->is_Java_thread()) failed: just checking

hotspot/other

Priority	Bug	Summary
P2	JDK-8239400	[8u] clean up delete-non-virtual-dtor warnings in HotSpot
P4	JDK-8269388	default build of jdk8 fails on newer GCCs with warnings as errors on format-overflow

hotspot/runtime

Priority	Bug	Summary
P2	JDK-8239053	[8u] clean up undefined-var-template warnings
P2	JDK-8267235	[macos_aarch64] InterpreterRuntime::throw_pending_exception messing up LR results in crash
P3	JDK-8255734	VM should ignore SIGXFSZ on ppc64, s390 too
P4	JDK-8231949	[PPC64, s390]: Make async profiling more reliable
P4	JDK-8231841	AArch64: debug.cpp help() is missing an AArch64 line for pns
P4	JDK-8260029	aarch64: fix typo in verify_oop_array
P4	JDK-8260236	better init AnnotationCollector _contended_group
P4	JDK-8055754	filemap.cpp does not compile with clang
P4	JDK-8253375	OSX build fails with Xcode 12.0 (12A7209)
P4	JDK-8265832	runtime/StackGap/testme.sh fails to compile in 8u
P4	JDK-8264816	Weak handles leak causes GC to take longer

hotspot/svc

Priority	Bug	Summary
P3	JDK-8172188	JDI tests fail due to "permission denied" when creating temp file
P4	JDK-8043264	hsdis library not picked up correctly on expected paths

hotspot/test

Priority	Bug	Summary
P4	JDK-8267426	MonitorVmStartTerminate test timed out on Embedded VM

infrastructure

Priority	Bug	Summary
P4	JDK-8267545	[8u] Enable Xcode 12 builds on macOS

infrastructure/build

Priority	Bug	Summary
P2	JDK-8138820	JDK Hotspot build fails with Xcode 7.0.1
P3	JDK-8019470	Changes needed to compile JDK 8 on MacOS with clang compiler
P4	JDK-8077364	"if( !this )" construct prevents build on Xcode 6.3
P4	JDK-8263061	copy wrong unpack200.diz to bin directory on linux after 8252395
P4	JDK-8265666	Enable AIX build platform to make external debug symbols
P4	JDK-8262730	Enable jdk8u MacOS external debug symbols
P4	JDK-8250876	Fix issues with cross-compile on macos
P4	JDK-8269468	JDK-8269388 breaks the build on older GCCs
P4	JDK-8264509	jdk8u MacOS zipped debug symbols won't build
P4	JDK-8066508	JTReg tests timeout on slow devices when run using JPRT
P4	JDK-8262864	No debug symbols in image for Windows --with-native-debug-symbols=external

security-libs

Priority	Bug	Summary
P4	JDK-8205014	com/sun/jndi/ldap/DeadSSLLdapTimeoutTest.java failed with "Read timed out"

security-libs/java.security

Priority	Bug	Summary
P2	JDK-8156584	Initialization race in sun.security.x509.AlgorithmId.get
P3	JDK-8202299	Java Keystore fails to load PKCS12/PFX certificates created in WindowsServer2016
P3	JDK-8242565	Policy initialization issues when the denyAfter constraint is enabled
P3	JDK-8243559	Remove root certificates with 1024-bit keys
P3	JDK-8225081	Remove Telia Company CA certificate expiring in April 2021
P3	JDK-8266929	Unable to use algorithms from 3p providers
P4	JDK-8268444	keytool -v -list print is incorrect after backport JDK-8141457

security-libs/javax.crypto

Priority	Bug	Summary
P3	JDK-8258419	RSA cipher buffer cleanup

security-libs/javax.crypto:pkcs11

Priority	Bug	Summary
P4	JDK-8034856	gcc warnings compiling src/solaris/native/sun/security/pkcs11
P4	JDK-8265462	Handle multiple slots in the NSS Internal Module from SunPKCS11's Secmod
P4	JDK-8261355	No data buffering in SunPKCS11 Cipher encryption when the underlying mechanism has no padding

security-libs/javax.net.ssl

Priority	Bug	Summary
P2	JDK-8256818	SSLSocket that is never bound or connected leaks socket resources
P3	JDK-8254631	Better support ALPN byte wire values in SunJSSE
P3	JDK-8228757	Fail fast if the handshake type is unknown
P3	JDK-8257997	sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java again reports leaks after JDK-8257884
P3	JDK-8257670	sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java reports leaks
P3	JDK-8206925	Support the certificate_authorities extension
P4	JDK-8259886	Improve SSL session cache performance and scalability
P4	JDK-8257884	Re-enable sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java as automatic test

security-libs/org.ietf.jgss

Priority	Bug	Summary
P3	JDK-8074835	Resolve disabled warnings for libj2gss

security-libs/org.ietf.jgss:krb5

Priority	Bug	Summary
P3	JDK-8074836	Resolve disabled warnings for libosxkrb5

tools

Priority	Bug	Summary
P4	JDK-8180478	tools/launcher/MultipleJRE.sh fails on Windows because of extra-''

tools/javac

Priority	Bug	Summary
P3	JDK-8260484	CheckExamples.java / NoJavaLangTest.java fail with jtreg 4.2
P3	JDK-8066807	langtools/test/Makefile should use -agentvm not -samevm
P4	JDK-8214345	infinite recursion while checking super class