OpenJDK 8u392-b07 EA Released

Andrew Hughes gnu.andrew at redhat.com
Tue Sep 26 21:14:52 UTC 2023 

I've made available an early access source bundle for 8u392, based on
the tag jdk8u392-b07:

https://openjdk-sources.osci.io/openjdk8/openjdk8u392-b07-ea.tar.xz

The tarball is accompanied by a digital signature available at:

https://openjdk-sources.osci.io/openjdk8/openjdk8u392-b07-ea.tar.xz.sig

This is signed by our Red Hat OpenJDK key (openjdk at redhat.com):

PGP Key: rsa4096/0x92EF8D39DC13168F (hkp://keys.gnupg.net)
Fingerprint: CA5F 11C6 CE22 644D 42C6  AC44 92EF 8D39 DC13 168F

SHA256 checksums:

5f7ecc10107cb637fa31507e90b5ec6c0b98ebefe2e4b61168b274af54eaeeaa  openjdk8u392-b07-ea.tar.xz
96d3a93918eb552f6e2f1dd57325ca96d2e17ddef19d22f867b256b911d28934  openjdk8u392-b07-ea.tar.xz.sig

They are listed at
https://openjdk-sources.osci.io/openjdk8/openjdk8u392-b07-ea.sha256

The tarball was built on RHEL 6 (x86, x86_64) and RHEL 7 (aarch64,
ppc, ppc64, ppc64le, s390x, x86, x86_64)

Changes in 8u392 so far:
  - JDK-6722928: Provide a default native GSS-API library on Windows
  - JDK-8040887: [TESTBUG] Remove test/runtime/6925573/SortMethodsTest.java
  - JDK-8042726: [TESTBUG] TEST.groups file was not updated after runtime/6925573/SortMethodsTest.java removal
  - JDK-8139348: Deprecate 3DES and RC4 in Kerberos
  - JDK-8173072: zipfs fails to handle incorrect info-zip "extended timestamp extra field"
  - JDK-8200468: Port the native GSS-API bridge to Windows
  - JDK-8202952: C2: Unexpected dead nodes after matching
  - JDK-8205399: Set node color on pinned HashMap.TreeNode deletion
  - JDK-8214046: [macosx] Undecorated Frame does not Iconify when set to
  - JDK-8219804: java/net/MulticastSocket/Promiscuous.java fails intermittently due to NumberFormatException
  - JDK-8225687: Newly added sspi.cpp in JDK-6722928 still contains some small errors
  - JDK-8232225: Rework the fix for JDK-8071483
  - JDK-8253269: The CheckCommonColors test should provide more info on failure
  - JDK-8287073: NPE from CgroupV2Subsystem.getInstance()
  - JDK-8287663: Add a regression test for JDK-8287073
  - JDK-8295894: Remove SECOM certificate that is expiring in September 2023
  - JDK-8308788: [8u] Remove duplicate HaricaCA.java test
  - JDK-8309122: Bump update version of OpenJDK: 8u392
  - JDK-8309143: [8u] fix archiving inconsistencies in GHA
  - JDK-8310026: [8u] make java_lang_String::hash_code consistent across platforms
  - JDK-8314960: Add Certigna Root CA - 2

Notes on individual issues:
===========================

security-libs/org.ietf.jgss:

JDK-6722928: Added a Default Native GSS-API Library on Windows
==============================================================

A native GSS-API library named `sspi_bridge.dll` has been added to the
JDK on the Windows platform.  As with native GSS-API library provision
on other operating systems, it will only be loaded when the
`sun.security.jgss.native` system property is set to "true". A user
can still load a third-party native GSS-API library instead by setting
the `sun.security.jgss.lib` system property to the appropriate path.

The library is client-side only and uses the default credentials.
Native GSS support automatically uses cached credentials from the
underlying operating system, so the
`javax.security.auth.useSubjectCredsOnly` system property should be
set to false.

The `com.sun.security.auth.module.Krb5LoginModule` does not call
native JGSS and so its use in your JAAS config should be avoided.

security-libs/org.ietf.jgss:krb5:

JDK-8139348: Deprecate 3DES and RC4 in Kerberos
===============================================
The `des3-hmac-sha1` and `rc4-hmac` Kerberos encryption types (etypes)
are now deprecated and disabled by default.  To re-enable them, you
can either enable all weak crypto (which also includes `des-cbc-crc`
and `des-cbc-md5`) by setting `allow_weak_crypto = true` in the
`krb5.conf` configuration file or explicitly list all the preferred
encryption types using the `default_tkt_enctypes`,
`default_tgs_enctypes`, or `permitted_enctypes` settings.

security-libs/java.security:

JDK-8295894: Removed SECOM Trust System's RootCA1 Root Certificate
==================================================================
The following root certificate from SECOM Trust System has been
removed from the `cacerts` keystore:

Alias Name: secomscrootca1 [jdk]
Distinguished Name: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP

JDK-8314960: Added Certigna Root CA Certificate
===============================================
The following root certificate has been added to the cacerts
truststore:

Name: Certigna (Dhimyotis)
Alias Name: certignarootca
Distinguished Name: CN=Certigna Root CA, OU=0002 48146308100036, O=Dhimyotis, C=FR

Thanks,
-- 
Andrew :)
Pronouns: he / him or they / them
Principal Free Java Software Engineer
OpenJDK Package Owner
Red Hat, Inc. (http://www.redhat.com)

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222

Please contact via e-mail, not proprietary chat networks
Available on Libera Chat & OFTC IRC networks as gnu_andrew
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://mail.openjdk.org/pipermail/jdk8u-dev/attachments/20230926/66e8fcc8/signature-0001.asc>

More information about the jdk8u-dev mailing list