OpenJDK 8u272 Released

Langer, Christoph christoph.langer at sap.com
Wed Oct 21 14:22:10 UTC 2020


Hi Andrew,

why isn't this pushed to http://hg.openjdk.java.net/jdk8u/jdk8u yet?

I think this should be the first place where the release can be found...

Thanks
Christoph

> -----Original Message-----
> From: jdk8u-dev <jdk8u-dev-retn at openjdk.java.net> On Behalf Of Andrew
> Hughes
> Sent: Mittwoch, 21. Oktober 2020 08:08
> To: jdk8u-dev at openjdk.java.net
> Subject: OpenJDK 8u272 Released
> 
> We are pleased to announce the release of OpenJDK 8u272.
> 
> The source tarball is available from:
> 
> * https://openjdk-sources.osci.io/openjdk8/openjdk8u272-ga.tar.xz
> 
> The tarball is accompanied by a digital signature available at:
> 
> * https://openjdk-sources.osci.io/openjdk8/openjdk8u272-ga.tar.xz.sig
> 
> This is signed by our Red Hat OpenJDK key (openjdk at redhat.com):
> 
> PGP Key: rsa4096/0x92EF8D39DC13168F (hkp://keys.gnupg.net)
> Fingerprint = CA5F 11C6 CE22 644D 42C6  AC44 92EF 8D39 DC13 168F
> 
> SHA256 checksums:
> 
> ce77e0a3d2b7ff3e2e17e25dd4e1d1499ca950a539c56e5020416957ea7eac6f
> openjdk8u272-ga.tar.xz
> aec51ca092db93c57de810886d3c3ba18bd93f5f6f99cf2ba257e01eaeb1eaa2
> openjdk8u272-ga.tar.xz.sig
> 
> The checksums can be downloaded from:
> 
> * https://openjdk-sources.osci.io/openjdk8/openjdk8u272-ga.sha256
> 
> New in release OpenJDK 8u272 (2020-10-20):
> ===========================================
> Live versions of these release notes can be found at:
>   * https://bitly.com/openjdk8u272
>   * https://builds.shipilev.net/backports-monitor/release-notes-
> openjdk8u272.txt
> 
> * New features
>   - JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7
> * Security fixes
>   - JDK-8233624: Enhance JNI linkage
>   - JDK-8236196: Improve string pooling
>   - JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
>   - JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts
>   - JDK-8237995, CVE-2020-14782: Enhance certificate processing
>   - JDK-8240124: Better VM Interning
>   - JDK-8241114, CVE-2020-14792: Better range handling
>   - JDK-8242680, CVE-2020-14796: Improved URI Support
>   - JDK-8242685, CVE-2020-14797: Better Path Validation
>   - JDK-8242695, CVE-2020-14798: Enhanced buffer support
>   - JDK-8243302: Advanced class supports
>   - JDK-8244136, CVE-2020-14803: Improved Buffer supports
>   - JDK-8244479: Further constrain certificates
>   - JDK-8244955: Additional Fix for JDK-8240124
>   - JDK-8245407: Enhance zoning of times
>   - JDK-8245412: Better class definitions
>   - JDK-8245417: Improve certificate chain handling
>   - JDK-8248574: Improve jpeg processing
>   - JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit
>   - JDK-8253019: Enhanced JPEG decoding
> * Other changes
>   - JDK-6574989: TEST_BUG: javax/sound/sampled/Clip/bug5070081.java fails
> sometimes
>   - JDK-8006205: [TESTBUG] NEED_TEST: please JTREGIFY
> test/compiler/7177917/Test7177917.java
>   - JDK-8023697: failed class resolution reports different class name in detail
> message for the first and subsequent times
>   - JDK-8025886: replace [[ and == bash extensions in regtest
>   - JDK-8026236: Add PrimeTest for BigInteger
>   - JDK-8031625: javadoc problems referencing inner class constructors
>   - JDK-8035493: JVMTI PopFrame capability must instruct compilers not to
> prune locals
>   - JDK-8036088: Replace strtok() with its safe equivalent strtok_s() in
> DefaultProxySelector.c
>   - JDK-8039082: [TEST_BUG] Test
> java/awt/dnd/BadSerializationTest/BadSerializationTest.java fails
>   - JDK-8046274: Removing dependency on jakarta-regexp
>   - JDK-8048933: -XX:+TraceExceptions output should include the message
>   - JDK-8057003: Large reference arrays cause extremely long synchronization
> times
>   - JDK-8060721: Test runtime/SharedArchiveFile/LimitSharedSizes.java fails in
> jdk 9 fcs new platforms/compiler
>   - JDK-8061616: HotspotDiagnosticMXBean.getVMOption() throws
> IllegalArgumentException for flags of type double
>   - JDK-8062947: Fix exception message to correctly represent LDAP
> connection failure
>   - JDK-8064319: Need to enable -XX:+TraceExceptions in release builds
>   - JDK-8075774: Small readability and performance improvements for zipfs
>   - JDK-8076151: [TESTBUG] Test
> java/awt/FontClass/CreateFont/fileaccess/FontFile.java fails
>   - JDK-8078334: Mark regression tests using randomness
>   - JDK-8078880: Mark a few more intermittently failuring security-libs
>   - JDK-8080462: Update SunPKCS11 provider with PKCS11 v2.40 support
>   - JDK-8132206: move ScanTest.java into OpenJDK
>   - JDK-8132376: Add @requires os.family to the client tests with access to
> internal OS-specific API
>   - JDK-8132745: minor cleanup of java/util/Scanner/ScanTest.java
>   - JDK-8137087: [TEST_BUG] Cygwin failure of
> java/awt/appletviewer/IOExceptionIfEncodedURLTest/IOExceptionIfEncode
> dURLTest.sh
>   - JDK-8144539: Update PKCS11 tests to run with security manager
>   - JDK-8145808:
> java/awt/Graphics2D/MTGraphicsAccessTest/MTGraphicsAccessTest.java
> hangs on Win. 8
>   - JDK-8148754: C2 loop unrolling fails due to unexpected graph shape
>   - JDK-8148854: Class names "SomeClass" and "LSomeClass;" treated by JVM
> as an equivalent
>   - JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to
> timeout on DeadServerNoTimeoutTest is incorrect
>   - JDK-8151788: NullPointerException from ntlm.Client.type3
>   - JDK-8151834: Test SmallPrimeExponentP.java times out intermittently
>   - JDK-8152077: (cal) Calendar.roll does not always roll the hours during
> daylight savings
>   - JDK-8153430: jdk regression test MletParserLocaleTest,
> ParserInfiniteLoopTest reduce default timeout
>   - JDK-8153583: Make OutputAnalyzer.reportDiagnosticSummary public
>   - JDK-8154313: Generated javadoc scattered all over the place
>   - JDK-8156169: Some sound tests rarely hangs because of incorrect
> synchronization
>   - JDK-8160768: Add capability to custom resolve host/domain names within
> the default JNDI LDAP provider
>   - JDK-8161973: PKIXRevocationChecker.getSoftFailExceptions() not working
>   - JDK-8163251: Hard coded loop limit prevents reading of smart card data
> greater than 8k
>   - JDK-8165936: Potential Heap buffer overflow when seaching timezone info
> files
>   - JDK-8165996: PKCS11 using NSS throws an error regarding secmod.db
> when NSS uses sqlite
>   - JDK-8166148: Fix for JDK-8165936 broke solaris builds
>   - JDK-8167300: Scheduling failures during gcm should be fatal
>   - JDK-8167615: Opensource unit/regression tests for JavaSound
>   - JDK-8168517: java/lang/ProcessBuilder/Basic.java failed
>   - JDK-8169925: PKCS #11 Cryptographic Token Interface license
>   - JDK-8172012: [TEST_BUG] delays needed in
> javax/swing/JTree/4633594/bug4633594.java
>   - JDK-8173300: [TESTBUG]compiler/tiered/NonTieredLevelsTest.java fails
> with compiler.whitebox.SimpleTestCaseHelper(int) must be compiled
>   - JDK-8177334: Update xmldsig implementation to Apache Santuario 2.1.1
>   - JDK-8177628: Opensource unit/regression tests for ImageIO
>   - JDK-8183341: Better cleanup for javax/imageio/AllowSearch.java
>   - JDK-8183349: Better cleanup for
> jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java and
> WriteAfterAbort.java
>   - JDK-8183351: Better cleanup for
> jdk/test/javax/imageio/spi/AppletContextTest/BadPluginConfigurationTest.
> sh
>   - JDK-8184762: ZapStackSegments should use optimized memset
>   - JDK-8191678: [TESTBUG] Add keyword headful in java/awt
> FocusTransitionTest test.
>   - JDK-8192953: sun/management/jmxremote/bootstrap/*.sh tests fail with
> error : revokeall.exe: Permission denied
>   - JDK-8193137: Nashorn crashes when given an empty script file
>   - JDK-8193234: When using -Xcheck:jni an internally allocated buffer can leak
>   - JDK-8194298: Add support for per Socket configuration of TCP keepalive
>   - JDK-8198004: javax/swing/JFileChooser/6868611/bug6868611.java throws
> error
>   - JDK-8200313: java/awt/Gtk/GtkVersionTest/GtkVersionTest.java fails
>   - JDK-8201633: Problems with AES-GCM native acceleration
>   - JDK-8203357: Container Metrics
>   - JDK-8209113: Use WeakReference for lastFontStrike for created Fonts
>   - JDK-8210147: adjust some WSAGetLastError usages in windows network
> coding
>   - JDK-8211049: Second parameter of "initialize" method is not used
>   - JDK-8211163: UNIX version of Java_java_io_Console_echo does not return
> a clean boolean
>   - JDK-8211714: Need to update vm_version.cpp to recognise VS2017 minor
> versions
>   - JDK-8214862: assert(proj != __null) at compile.cpp:3251
>   - JDK-8216283: Allow shorter method sampling interval than 10 ms
>   - JDK-8217606: LdapContext#reconnect always opens a new connection
>   - JDK-8217647: JFR: recordings on 32-bit systems unreadable
>   - JDK-8217878: ENVELOPING XML signature no longer works in JDK 11
>   - JDK-8218629: XML Digital Signature throws NAMESPACE_ERR exception on
> OpenJDK 11, works 8/9/10
>   - JDK-8219566: JFR did not collect call stacks when MaxJavaStackTraceDepth
> is set to zero
>   - JDK-8219919: RuntimeStub name lost with PrintFrameConverterAssembly
>   - JDK-8220165: Encryption using GCM results in RuntimeException- input
> length out of bound
>   - JDK-8220313: [TESTBUG] Update base image for Docker testing to OL 7.6
>   - JDK-8220555: JFR tool shows potentially misleading message when it
> cannot access a file
>   - JDK-8220674: [TESTBUG] MetricsMemoryTester failcount test in docker
> container only works with debug JVMs
>   - JDK-8221569: JFR tool produces incorrect output when both --categories
> and --events are specified
>   - JDK-8222079: Don't use memset to initialize fields decode_env constructor
> in disassembler.cpp
>   - JDK-8224217: RecordingInfo should use textual representation of path
>   - JDK-8225695: 32-bit build failures after JDK-8080462 (Update SunPKCS11
> provider with PKCS11 v2.40 support)
>   - JDK-8226575: OperatingSystemMXBean should be made container aware
>   - JDK-8226697: Several tests which need the @key headful keyword are
> missing it.
>   - JDK-8226809: Circular reference in printed stack trace is not correctly
> indented & ambiguous
>   - JDK-8228835: Memory leak in PKCS11 provider when using AES GCM
>   - JDK-8229378: jdwp library loader in linker_md.c quietly truncates on buffer
> overflow
>   - JDK-8230303: JDB hangs when running monitor command
>   - JDK-8230711: ConnectionGraph::unique_java_object(Node* N) return
> NULL if n is not in the CG
>   - JDK-8231213: Migrate SimpleDateFormatConstTest to JDK Repo
>   - JDK-8231779: crash
> HeapWord*ParallelScavengeHeap::failed_mem_allocate
>   - JDK-8233097: Fontmetrics for large Fonts has zero width
>   - JDK-8233621: Mismatch in jsse.enableMFLNExtension property name
>   - JDK-8234617: C1: Incorrect result of field load due to missing narrowing
> conversion
>   - JDK-8235243: handle VS2017 15.9 and VS2019 in abstract_vm_version
>   - JDK-8235325: build failure on Linux after 8235243
>   - JDK-8235687: Contents/MacOS/libjli.dylib cannot be a symlink
>   - JDK-8236645: JDK 8u231 introduces a regression with incompatible handling
> of XML messages
>   - JDK-8237951: CTW: C2 compilation fails with "malformed control flow"
>   - JDK-8238225: Issues reported after replacing symlink at
> Contents/MacOS/libjli.dylib with binary
>   - JDK-8238380: java.base/unix/native/libjava/childproc.c "multiple
> definition" link errors with GCC10
>   - JDK-8238386: (sctp) jdk.sctp/unix/native/libsctp/SctpNet.c "multiple
> definition" link errors with GCC10
>   - JDK-8238388: libj2gss/NativeFunc.o "multiple definition" link errors with
> GCC10
>   - JDK-8238898: Missing hash characters for header on license file
>   - JDK-8239385: KerberosTicket client name refers wrongly to
> sAMAccountName in AD
>   - JDK-8239819: XToolkit: Misread of screen information memory
>   - JDK-8240295: hs_err elapsed time in seconds is not accurate enough
>   - JDK-8240676: Meet not symmetric failure when running lucene on jdk8
>   - JDK-8241888: Mirror jdk.security.allowNonCaAnchor system property with
> a security one
>   - JDK-8242498: Invalid "sun.awt.TimedWindowEvent" object leads to JVM
> crash
>   - JDK-8242556: Cannot load RSASSA-PSS public key with non-null params
> from byte array
>   - JDK-8243138: Enhance BaseLdapServer to support starttls extended
> request
>   - JDK-8243320: Add SSL root certificates to Oracle Root CA program
>   - JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program
>   - JDK-8243489: Thread CPU Load event may contain wrong data for CPU time
> under certain conditions
>   - JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release
> 1.8.26
>   - JDK-8244818: Java2D Queue Flusher crash while moving application
> window to external monitor
>   - JDK-8245467: Remove 8u TLSv1.2 implementation files
>   - JDK-8245469: Remove DTLS protocol implementation
>   - JDK-8245470: Fix JDK8 compatibility issues
>   - JDK-8245471: Revert JDK-8148188
>   - JDK-8245472: Backport JDK-8038893 to JDK8
>   - JDK-8245473: OCSP stapling support
>   - JDK-8245474: Add TLS_KRB5 cipher suites support according to RFC-2712
>   - JDK-8245476: Disable TLSv1.3 protocol in the ClientHello message by
> default
>   - JDK-8245477: Adjust TLS tests location
>   - JDK-8245653: Remove 8u TLS tests
>   - JDK-8245681: Add TLSv1.3 regression test from 11.0.7
>   - JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ
>   - JDK-8246310: Clean commented-out code about ModuleEntry
> andPackageEntry in JFR
>   - JDK-8246384: Enable JFR by default on supported architectures for October
> 2020 release
>   - JDK-8248643: Remove extra leading space in JDK-8240295 8u backport
>   - JDK-8248851: CMS: Missing memory fences between free chunk check and
> klass read
>   - JDK-8249158: THREAD_START and THREAD_END event posted in primordial
> phase
>   - JDK-8249610: Make sun.security.krb5.Config.getBooleanObject(String...
> keys) method public
>   - JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool
> behavior
>   - JDK-8250546: Expect changed behaviour reported in JDK-8249846
>   - JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling Java
> container metrics
>   - JDK-8250755: Better cleanup for
> jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java
>   - JDK-8250875: Incorrect parameter type for update_number in
> JDK_Version::jdk_update
>   - JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher
>   - JDK-8251120: [8u] HotSpot build assumes ENABLE_JFR is set to either true
> or false
>   - JDK-8251341: Minimal Java specification change
>   - JDK-8251478: Backport TLSv1.3 regression tests to JDK8u
>   - JDK-8251546: 8u backport of JDK-8194298 breaks AIX and Solaris builds
>   - JDK-8252084: Minimal VM fails to bootcycle: undefined symbol:
> AgeTableTracer::is_tenuring_distribution_event_enabled
>   - JDK-8252573: 8u: Windows build failed after 8222079 backport
>   - JDK-8252886: [TESTBUG] sun/security/ec/TestEC.java : Compilation failed
>   - JDK-8254673: Call to JvmtiExport::post_vm_start() was removed by the fix
> for JDK-8249158
>   - JDK-8254937: Revert JDK-8148854 for 8u272
> 
> Notes on individual issues:
> ===========================
> 
> core-svc/java.lang.management:
> 
> JDK-8236876: OperatingSystemMXBean Methods Inside a Container Return
> Container Specific Data
> ==========================================================
> ==================================
> When executing in a container, or other virtualized operating
> environment, the following `OperatingSystemMXBean` methods in this
> release return container specific information, if
> available. Otherwise, they return host specific data:
> 
> * getFreePhysicalMemorySize()
> * getTotalPhysicalMemorySize()
> * getFreeSwapSpaceSize()
> * getTotalSwapSpaceSize()
> * getSystemCpuLoad()
> 
> security-libs/java.security:
> 
> JDK-8250756: Added Entrust Root Certification Authority - G4 certificate
> ==========================================================
> ==============
> The Entrust root certificate has been added to the cacerts truststore:
> 
> Alias Name: entrustrootcag4
> Distinguished Name: CN=Entrust Root Certification Authority - G4, OU="(c)
> 2015 Entrust,  Inc. - for authorized use only", OU=See
> www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
> 
> JDK-8250860: Added 3 SSL Corporation Root CA Certificates
> =========================================================
> The following root certificates have been added to the cacerts truststore for
> the SSL Corporation:
> 
> Alias Name: sslrootrsaca
> Distinguished Name: CN=SSL.com Root Certification Authority RSA, O=SSL
> Corporation, L=Houston, ST=Texas, C=US
> 
> Alias Name: sslrootevrsaca
> Distinguished Name: CN=SSL.com EV Root Certification Authority RSA R2,
> O=SSL Corporation, L=Houston, ST=Texas, C=US
> 
> Alias Name: sslrooteccca
> Distinguished Name: CN=SSL.com Root Certification Authority ECC, O=SSL
> Corporation, L=Houston, ST=Texas, C=US
> 
> security-libs/javax.crypto:pkcs11:
> 
> JDK-8221441: SunPKCS11 Provider Upgraded with Support for PKCS#11 v2.40
> ==========================================================
> =============
> The SunPKCS11 provider has been updated with support for PKCS#11
> v2.40. This version adds support for more algorithms such as the
> AES/GCM/NoPadding cipher, DSA signatures using SHA-2 family of message
> digests, and RSASSA-PSS signatures when the corresponding PKCS11
> mechanisms are supported by the underlying PKCS11 library.
> 
> security-libs/javax.security:
> 
> JDK-8242059: Support for canonicalize in krb5.conf
> ==================================================
> The 'canonicalize' flag in the [krb5.conf file][0] is now supported by
> the JDK Kerberos implementation. When set to *true*, RFC 6806 [1] name
> canonicalization is requested by clients in TGT requests to KDC
> services (AS protocol). Otherwise, and by default, it is not
> requested.
> 
> The new default behavior is different from previous releases where
> name canonicalization was always requested by clients in TGT requests
> to KDC services (provided that support for RFC 6806[1] was not
> explicitly disabled with the *sun.security.krb5.disableReferrals*
> system or security properties).
> 
> [0]: https://web.mit.edu/kerberos/krb5-
> devel/doc/admin/conf_files/krb5_conf.html
> [1]: https://tools.ietf.org/html/rfc6806
> 
> security-libs/javax.xml.crypto:
> 
> JDK-8202891: Updated xmldsig Implementation to Apache Santuario 2.1.1
> ==========================================================
> ===========
> The XMLDSig provider implementation in the `java.xml.crypto` module has
> been updated to version 2.1.1 of Apache Santuario.
> 
> New features include:
> 
> 1. Support for the SHA-224 and SHA-3 DigestMethod algorithms specified
> in RFC 6931.
> 2. Support for the HMAC-SHA224, RSA-SHA224, ECDSA-SHA224, and
> RSASSA-PSS family of SignatureMethod algorithms specified in RFC 6931.
> 
> JDK-8238185: New OpenJDK-specific JDK 8 Updates System Property to
> fallback to legacy Base64 Encoding format
> ==========================================================
> ==================================================
> The upgrade to the Apache Santuario libraries (see above) introduced
> an issue where XML signature using Base64 encoding resulted in
> appending `&#xd` or `&#13` to the encoded output. This behavioural
> change was made in the Apache Santuario codebase to comply with RFC
> 2045. The Santuario team has adopted a position of keeping their
> libraries compliant with RFC 2045.
> 
> Earlier versions of OpenJDK 8 using the legacy encoder returns encoded
> data in a format without `&#xd` or `&#13`.
> 
> Therefore a new system property, specific to the 8 update stream,
> `com.sun.org.apache.xml.internal.security.lineFeedOnly` is made
> available to fall back to the legacy Base64 encoded format.
> 
> Users can set this flag in one of two ways:
> 
> 1. -Dcom.sun.org.apache.xml.internal.security.lineFeedOnly=true
> 
> 2.
> System.setProperty("com.sun.org.apache.xml.internal.security.lineFeedOnl
> y", "true")
> 
> This new system property is disabled by default. It has no effect on
> default behaviour nor when
> `com.sun.org.apache.xml.internal.security.ignoreLineBreaks` property
> is set.
> 
> Later JDK family versions will only support the recommended property:
> 
> `com.sun.org.apache.xml.internal.security.ignoreLineBreaks`
> 
> Thanks,
> --
> Andrew :)
> 
> Senior Free Java Software Engineer
> OpenJDK Package Owner
> Red Hat, Inc. (http://www.redhat.com)
> 
> PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
> Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222


More information about the jdk8u-dev mailing list