OpenJDK 8u392-b06 EA Released

Andrew Hughes gnu.andrew at redhat.com
Thu Sep 21 12:05:05 UTC 2023


I've made available an early access source bundle for 8u392, based on
the tag jdk8u392-b06:

https://openjdk-sources.osci.io/openjdk8/openjdk8u392-b06-ea.tar.xz

The tarball is accompanied by a digital signature available at:

https://openjdk-sources.osci.io/openjdk8/openjdk8u392-b06-ea.tar.xz.sig

This is signed by our Red Hat OpenJDK key (openjdk at redhat.com):

PGP Key: rsa4096/0x92EF8D39DC13168F (hkp://keys.gnupg.net)
Fingerprint: CA5F 11C6 CE22 644D 42C6  AC44 92EF 8D39 DC13 168F

SHA256 checksums:

5a05a325c358cc28b57b3b13932b3b55af9349dadbc5570b11ddcc482814fb43  openjdk8u392-b06-ea.tar.xz
d4223c16097f2bb7ff6949388b7f7ed0f3400086db5249ef38fc3a766b485ee3  openjdk8u392-b06-ea.tar.xz.sig

They are listed at
https://openjdk-sources.osci.io/openjdk8/openjdk8u392-b06-ea.sha256

The tarball was built on RHEL 6 (x86, x86_64) and RHEL 7 (aarch64,
ppc, ppc64, ppc64le, s390x, x86, x86_64).

Changes in 8u392 so far:
  - JDK-6722928: Provide a default native GSS-API library on Windows
  - JDK-8040887: [TESTBUG] Remove test/runtime/6925573/SortMethodsTest.java
  - JDK-8042726: [TESTBUG] TEST.groups file was not updated after runtime/6925573/SortMethodsTest.java removal
  - JDK-8139348: Deprecate 3DES and RC4 in Kerberos
  - JDK-8173072: zipfs fails to handle incorrect info-zip "extended timestamp extra field"
  - JDK-8200468: Port the native GSS-API bridge to Windows
  - JDK-8202952: C2: Unexpected dead nodes after matching
  - JDK-8205399: Set node color on pinned HashMap.TreeNode deletion
  - JDK-8214046: [macosx] Undecorated Frame does not Iconify when set to
  - JDK-8219804: java/net/MulticastSocket/Promiscuous.java fails intermittently due to NumberFormatException
  - JDK-8225687: Newly added sspi.cpp in JDK-6722928 still contains some small errors
  - JDK-8232225: Rework the fix for JDK-8071483
  - JDK-8253269: The CheckCommonColors test should provide more info on failure
  - JDK-8287073: NPE from CgroupV2Subsystem.getInstance()
  - JDK-8287663: Add a regression test for JDK-8287073
  - JDK-8295894: Remove SECOM certificate that is expiring in September 2023
  - JDK-8308788: [8u] Remove duplicate HaricaCA.java test
  - JDK-8309122: Bump update version of OpenJDK: 8u392
  - JDK-8309143: [8u] fix archiving inconsistencies in GHA
  - JDK-8310026: [8u] make java_lang_String::hash_code consistent across platforms

Notes on individual issues:
===========================

security-libs/org.ietf.jgss:

JDK-6722928: Added a Default Native GSS-API Library on Windows
==============================================================

A native GSS-API library named `sspi_bridge.dll` has been added to the
JDK on the Windows platform.  As with native GSS-API library provision
on other operating systems, it will only be loaded when the
`sun.security.jgss.native` system property is set to "true". A user
can still load a third-party native GSS-API library instead by setting
the `sun.security.jgss.lib` system property to the appropriate path.

The library is client-side only and uses the default credentials.
Native GSS support automatically uses cached credentials from the
underlying operating system, so the
`javax.security.auth.useSubjectCredsOnly` system property should be
set to false.

The `com.sun.security.auth.module.Krb5LoginModule` does not call
native JGSS and so its use in your JAAS config should be avoided.

security-libs/org.ietf.jgss:krb5:

JDK-8139348: Deprecate 3DES and RC4 in Kerberos
===============================================
The `des3-hmac-sha1` and `rc4-hmac` Kerberos encryption types (etypes)
are now deprecated and disabled by default.  To re-enable them, you
can either enable all weak crypto (which also includes `des-cbc-crc`
and `des-cbc-md5`) by setting `allow_weak_crypto = true` in the
`krb5.conf` configuration file or explicitly list all the preferred
encryption types using the `default_tkt_enctypes`,
`default_tgs_enctypes`, or `permitted_enctypes` settings.

security-libs/java.security:

JDK-8295894: Removed SECOM Trust System's RootCA1 Root Certificate
==================================================================
The following root certificate from SECOM Trust System has been
removed from the `cacerts` keystore:

Alias Name: secomscrootca1 [jdk]
Distinguished Name: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP

Thanks,
-- 
Andrew :)
Pronouns: he / him or they / them
Principal Free Java Software Engineer
OpenJDK Package Owner
Red Hat, Inc. (http://www.redhat.com)

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222

Please contact via e-mail, not proprietary chat networks
Available on Libera Chat & OFTC IRC networks as gnu_andrew
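
The signature check described in the announcement, as an added example that is not part of the original message: it accepts the tarball only when GnuPG reports a valid signature from the fingerprint quoted above, rather than from any key that happens to be in the keyring. It assumes the Red Hat OpenJDK key has already been imported; the function names and the sample status text are constructed for illustration.

```shell
#!/bin/sh
# Added example: pin verification to the fingerprint quoted in the announcement.
PINNED_FPR="CA5F11C6CE22644D42C6AC4492EF8D39DC13168F"   # announcement value, spaces removed

# Constructed sample of `gpg --status-fd 1 --verify` output (timestamps are made up).
SAMPLE_STATUS="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 92EF8D39DC13168F constructed-uid
[GNUPG:] VALIDSIG $PINNED_FPR 2023-09-21 1695297905 0 4 0 1 10 00 $PINNED_FPR"

# check_status FPR: reads gpg status lines on stdin. Succeeds only if a VALIDSIG
# line names FPR as the signing key (field 3) or as its primary key (last field,
# which differs from field 3 when a subkey made the signature), and no status
# line reports a bad, unverifiable, expired or revoked signature.
check_status() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 == "VALIDSIG" && ($3 == want || $NF == want) { ok = 1 }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPSIG" ||
        $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        END { exit ((ok && !bad) ? 0 : 1) }
    '
}

# verify_release TARBALL SIGFILE: runs gpg and applies the pinned check.
verify_release() {
    gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null | check_status "$PINNED_FPR"
}

# Run as: sh verify.sh openjdk8u392-b06-ea.tar.xz openjdk8u392-b06-ea.tar.xz.sig
if [ "$#" -eq 2 ]; then
    if verify_release "$1" "$2"; then
        echo "signature by pinned key: OK"
    else
        echo "signature check FAILED" >&2
        exit 1
    fi
fi
```

The SHA256 list is served from the same host as the tarball, so it detects a corrupted download; the pinned signature check is what ties the file to the signing key.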
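
For the JDK-8139348 note above, an added example (not part of the original message) that audits a `krb5.conf` for the settings the note says re-enable the deprecated etypes. The function name and both sample configurations are constructed; only the etype names spelled out in the note are matched, so alternative spellings of the same etypes are not detected.

```shell
#!/bin/sh
# Added example: flag krb5.conf settings that re-enable etypes disabled by JDK-8139348.

# Constructed sample inputs (not from any real deployment).
WEAK_CONF='[libdefaults]
    default_realm = EXAMPLE.TEST
    allow_weak_crypto = true
    permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac'
HARDENED_CONF='[libdefaults]
    default_realm = EXAMPLE.TEST
    allow_weak_crypto = false
    permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96'

# audit_krb5 [FILE]: reads FILE (or stdin), prints one finding per weak setting
# found in [libdefaults], and returns 1 if any finding was printed.
audit_krb5() {
    awk '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        /^[ \t]*\[/   { sect = $0; gsub(/^[ \t]*\[|\].*$/, "", sect); next }
        sect != "libdefaults" { next }              # settings of interest live here
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
            val = tolower(substr($0, eq + 1))
            if (key == "allow_weak_crypto" && val ~ /^[ \t]*(true|yes|on)[ \t]*$/) {
                printf "line %d: allow_weak_crypto enables all weak etypes\n", NR
                found = 1
            }
            if (key ~ /^(default_tkt_enctypes|default_tgs_enctypes|permitted_enctypes)$/) {
                n = split(val, e, /[ \t,]+/)
                for (i = 1; i <= n; i++)
                    if (e[i] ~ /^(des3-hmac-sha1|rc4-hmac|des-cbc-crc|des-cbc-md5)$/) {
                        printf "line %d: %s lists %s\n", NR, key, e[i]
                        found = 1
                    }
            }
        }
        END { exit (found ? 1 : 0) }
    ' "$@"
}

# Run as: sh audit.sh /etc/krb5.conf
if [ "$#" -eq 1 ]; then
    audit_krb5 "$1" || exit 1
fi
```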