[EXTERNAL] 8u242 Rampdown: Bug Triage
Eric Peterson
epeterson at interactivebrokers.com
Tue Dec 17 14:02:38 UTC 2019
Hi Andrew,
Are any of the below open bugs for 8u242 considered to be critical security fixes?
—Eric
> On Dec 17, 2019, at 1:32 AM, Andrew John Hughes <gnu.andrew at redhat.com> wrote:
>
> Hi all,
>
> We have reached the point of rampdown for 8u242 where work will now be
> deferred to 8u252, unless a critical request to include it in 8u242 is
> approved (see [0]).
>
> I've been going through the list of bugs which are marked as fixed in
> Oracle's proprietary 8u241/2 [1] to see what is still missing in OpenJDK 8u:
>
> 1. JDK-8041620: "Solaris Studio 12.4 C++ 5.13 change in behavior for
> placing friend declarations within surrounding scope".
>
> No sign of a backport for 8u.
>
> 2. JDK-8056313: "TEST_BUG: java/util/Timer/NameConstructors.java fails
> intermittently"
>
> No sign of a backport to 8u.
>
> 3. JDK-8080462: "Update SunPKCS11 provider with PKCS11 v2.40 support"
>
> Still under review; postponed to 8u252.
>
> 4. JDK-8143925: "enhancing CounterMode.crypt() for
> AESCrypt.implEncryptBlock()"
>
> No sign of a backport to 8u.
>
> 5. JDK-8146581: "Minor corrections to the patch submitted for earlier
> bug id - 8143925"
>
> No sign of a backport to 8u and depends on #5.
>
> 6. JDK-8148188: "Enhance the security libraries to record events of
> interest"
>
> Depends on JFR so one for that branch for now.
>
> 7. JDK-8171974: "Fix for R10 Register clobbering with usage of
> ExternalAddress"
>
> No sign of a backport to 8u.
>
> 8. JDK-8177334: "Update xmldsig implementation to Apache Santuario 2.1.1"
>
> Major backport already defered from 8u232. Postponed to 8u252.
>
> 9. JDK-8200400: "Allow Sasl mechanisms to be restricted"
>
> Waiting on CSR https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugs.openjdk.java.net%2Fbrowse%2FJDK-8230491&data=01%7C01%7Cepeterson%40interactivebrokers.com%7C5f57f874a0c1463fc4c008d782bb4704%7C7abd04ef837d48e69ba869d84f65a110%7C0&sdata=o2wlMl0SwyzF5aurGvTLcIS%2FSq3fx8vZ2wd0640Hfu4%3D&reserved=0
>
> 10. JDK-8201627: "Kerberos sequence number issues"
>
> Still under review; needs backports of JDK-8186884 & JDK-8154231.
>
> 11. JDK-8205507: "jdk/javax/xml/crypto/dsig/GenerationTests.java timed out"
>
> Depends on 8177334 (#9), so also deferred to 8u252.
>
> 12. JDK-8217581: "JDK 8 javadoc man page does not list correct values
> for -source"
>
> No sign of a backport to 8u.
>
> 13. JDK-8217878: "ENVELOPING XML signature no longer works"
>
> Depends on 8177334 (#9), so also deferred to 8u252.
>
> 14. JDK-8218605: "Startup Splash Screen of SwingSet2 flashes in smaller
> coordinates before appearing in the final size"
>
> No progress since 8u232.
>
> 15. JDK-8218629: "XML Digital Signature throws NAMESPACE_ERR exception
> on OpenJDK 11, works 8/9/10"
>
> Depends on 8177334 (#8), so also deferred to 8u252.
>
> 16. JDK-8219013: "Update Apache Santuario (XML Signature) to version 2.1.3"
>
> Depends on 8177334 (#8), so also deferred to 8u252.
>
> 17. JDK-8225695: "32-bit build failures after JDK-8080462 (Update
> SunPKCS11 provider with PKCS11 v2.40 support)"
>
> Depends on 8080462 (#3), so also deferred to 8u252.
>
> 18. JDK-8228835: "Memory leak in PKCS11 provider when using AES GCM"
>
> Caused by 8080462 (#3), so also deferred to 8u252.
>
> 19. JDK-8229243: "SunPKCS11-Solaris provider tests failing on Solaris 11.4"
>
> Caused by 8080462 (#3), so also deferred to 8u252.
>
> 20. JDK-8229767: "Typo in java.security: Sasl.createClient and
> Sasl.createServer"
>
> Depends on 8200400 (#9), so deferred to 8u252.
>
> 21. JDK-8229868: "Update Apache Santuario TPRM version"
>
> Can be combined with 8219013 (#16), so deferred to 8u252.
>
> 22. JDK-8230303: "JDB hangs when running monitor command"
>
> No sign of a backport to 8u.
>
> 23. JDK-8230751: "The underline of the text doesn't display unless
> resizing the window with the option "-server -d64 -Xmixed
> -Dswing.defaultlaf=com.sun.java.swing.plaf.gtk.GTKLookAndFeel".
>
> No patch, no sign of a fix for 8u.
>
> 24. JDK-8210776: "Upgrade X Window System 6.8.2 to the latest XWD 1.0.7"
>
> Patch not posted until 2019-12-16, deferred to 8u252.
>
> 25. JDK-8230782: "Robot.createScreenCapture() fails if “awt.robot.gtk”
> is set to false"
>
> Depends on 8210776 (#24)
>
> 26. JDK-8231254: "(fs) Add test for macOS Catalina changes to protect
> system software"
>
> No sign of a backport to 8u.
>
> 27. JDK-8232019: "Add LuxTrust certificate updates to the existing root
> program"
>
> No sign of a backport to 8u.
>
> 28. JDK-8232178: "MacVolumesTest failed after upgrade to MacOS Catalina"
>
> No sign of a backport to 8u.
>
> 29. JDK-8233223: "Add Amazon Root CA certificates"
>
> No sign of a backport to 8u.
>
> Although this appears to be a long list, a number of them are related,
> particularly #8 and friends which have already been deferred from 8u232.
> Hopefully, there will be some progress on that for 8u252. The highest
> numbered bugs also seem to have been added to the list very late in the
> release cycle.
>
> Thanks to everyone who has submitted patches and/or reviews during the
> 8u242 development cycle. Onwards to 8u252!
>
> [0] https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.openjdk.java.net%2Fdisplay%2Fjdk8u%2FMain&data=01%7C01%7Cepeterson%40interactivebrokers.com%7C5f57f874a0c1463fc4c008d782bb4704%7C7abd04ef837d48e69ba869d84f65a110%7C0&sdata=osKG6gfWb5t0YnKRoEtvwZEPppzYKCpl%2B5AMP7mFLbA%3D&reserved=0
> [1] https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugs.openjdk.java.net%2Fissues%2F%3Ffilter%3D37085&data=01%7C01%7Cepeterson%40interactivebrokers.com%7C5f57f874a0c1463fc4c008d782bb4704%7C7abd04ef837d48e69ba869d84f65a110%7C0&sdata=ZZKuTF9qzGCVrmcBZY4htpyv8e6cu3IBrhuuUQPqno8%3D&reserved=0
>
> Thanks,
> --
> Andrew :)
>
> Senior Free Java Software Engineer
> Red Hat, Inc. (https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.redhat.com&data=01%7C01%7Cepeterson%40interactivebrokers.com%7C5f57f874a0c1463fc4c008d782bb4704%7C7abd04ef837d48e69ba869d84f65a110%7C0&sdata=JubUHR91It8%2B2Y7ZPe6WzcdzLZuVSwqGBSHXDTO3fKw%3D&reserved=0)
>
> PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
> Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222
> https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fkeybase.io%2Fgnu_andrew&data=01%7C01%7Cepeterson%40interactivebrokers.com%7C5f57f874a0c1463fc4c008d782bb4704%7C7abd04ef837d48e69ba869d84f65a110%7C0&sdata=sdVkUAvinBa%2Byra8BZS9n6btCVcFg8mH%2FDSJqXGDf24%3D&reserved=0
>
More information about the jdk8u-dev
mailing list