rpms / java-1.8.0-openjdk

Clone
Source Code
GIT

Files

f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 main rawhide
  1.   f30
  2.   NEWS
Blob Blame History Raw 
Key:

JDK-X  - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY

New in release OpenJDK 8u252 (2020-04-14):
===========================================
Live versions of these release notes can be found at:
  * https://bitly.com/oj8u252
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u252.txt

* Security fixes
  - JDK-8223898, CVE-2020-2754: Forward references to Nashorn
  - JDK-8223904, CVE-2020-2755: Improve Nashorn matching
  - JDK-8224541, CVE-2020-2756: Better mapping of serial ENUMs
  - JDK-8224549, CVE-2020-2757: Less Blocking Array Queues
  - JDK-8225603: Enhancement for big integers
  - JDK-8227542: Manifest improved jar headers
  - JDK-8231415, CVE-2020-2773: Better signatures in XML
  - JDK-8233250: Better X11 rendering
  - JDK-8233410: Better Build Scripting
  - JDK-8234027: Better JCEKS key support
  - JDK-8234408, CVE-2020-2781: Improve TLS session handling
  - JDK-8234825, CVE-2020-2800: Better Headings for HTTP Servers
  - JDK-8234841, CVE-2020-2803: Enhance buffering of byte buffers
  - JDK-8235274, CVE-2020-2805: Enhance typing of methods
  - JDK-8236201, CVE-2020-2830: Better Scanner conversions
  - JDK-8238960: linux-i586 builds are inconsistent as the newly build jdk is not able to reserve enough space for object heap
* Other changes
  - JDK-7143743: Potential memory leak with zip provider
  - JDK-8005819: Support cross-realm MSSFU
  - JDK-8022263: use same Clang warnings on BSD as on Linux
  - JDK-8028480: (zipfs) NoSuchFileException on creating a file in ZipFileSystem with CREATE and WRITE
  - JDK-8031191: Warning exception when XMLSignature logging is enabled
  - JDK-8033215: clang: node.cpp:284 IDX_INIT macro use uninitialized field _out
  - JDK-8034773: (zipfs) newOutputstream uses CREATE_NEW when no options specified
  - JDK-8038431: Close InputStream when finished retrieving XML Signature HTTP References
  - JDK-8038631: Create wrapper for awt.Robot with additional functionality
  - JDK-8041620: Solaris Studio 12.4 C++ 5.13 change in behavior for placing friend declarations within surrounding scope.
  - JDK-8046044: Fix raw and unchecked lint warnings in XML Signature Impl
  - JDK-8046724: XML Signature ECKeyValue elements cannot be marshalled or unmarshalled
  - JDK-8047212: runtime/ParallelClassLoading/bootstrap/random/inner-complex assert(ObjectSynchronizer::verify_objmon_isinpool(inf)) failed: monitor is invalid
  - JDK-8055283: Expand ResourceHashtable with C_HEAP allocation, removal and some unit tests
  - JDK-8056313: TEST_BUG: java/util/Timer/NameConstructors.java fails intermittently
  - JDK-8068184: Fix for JDK-8032832 caused a deadlock
  - JDK-8079140: IgnoreAllErrorHandler should use doPrivileged when it reads system properties
  - JDK-8079693: Add support for ECDSA P-384 and P-521 curves to XML Signature
  - JDK-8132130: some docs cleanup
  - JDK-8134579: [TESTBUG] Some bmi tests fail if can_access_local_variables is on.
  - JDK-8135318: CMS wrong max_eden_size for check_gc_overhead_limit
  - JDK-8143849: Integrate Marlin renderer per JEP 265
  - JDK-8144445: Maximum size checking in Marlin ArrayCache utility methods is not optimal
  - JDK-8144446: Automate the Marlin crash test
  - JDK-8144526: Remove Marlin logging use of deleted internal API
  - JDK-8144630: Use PrivilegedAction to create Thread in Marlin RendererStats
  - JDK-8144654: Improve Marlin logging
  - JDK-8144718: Pisces / Marlin Strokers may generate invalid curves with huge coordinates and round joins
  - JDK-8144732: VM_HeapDumper hits assert with bad dump_len
  - JDK-8145055: Marlin renderer causes unaligned write accesses
  - JDK-8145849: ALPN: getHandshakeApplicationProtocol() always return null
  - JDK-8146293: Add support for RSASSA-PSS Signature algorithm
  - JDK-8146792: Predicate moved after partial peel may lead to broken graph
  - JDK-8150432: LocaleProviders.sh fails
  - JDK-8150460: (linux|bsd|aix)_close.c: file descriptor table may become large or may not work at all
  - JDK-8158978: ALPN not working when values are set directly on a SSLServerSocket
  - JDK-8162723: Array index overflow in Base64 utility class
  - JDK-8166976: TestCipherPBECons has wrong @run line
  - JDK-8167409: Invalid value passed to critical JNI function
  - JDK-8170282: Enable ALPN parameters to be supplied during the TLS handshake
  - JDK-8171443: (spec) An ALPN callback function may also ignore ALPN
  - JDK-8175029: StackOverflowError in X509CRL and X509Certificate.verify(PublicKey, Provider)
  - JDK-8181872: C1: possible overflow when strength reducing integer multiply by constant
  - JDK-8187078: -XX:+VerifyOops finds numerous problems when running JPRT
  - JDK-8191227: issues with unsafe handle resolution
  - JDK-8193255: Root Certificates should be stored in text format and assembled at build time
  - JDK-8197441: Signature#initSign/initVerify for an invalid private/public key fails with ClassCastException for SunPKCS11 provider
  - JDK-8200400: Restrict Sasl mechanisms
  - JDK-8204152: SignedObject throws NullPointerException for null keys with an initialized Signature object
  - JDK-8205445: Add RSASSA-PSS Signature support to SunMSCAPI
  - JDK-8205720: KeyFactory#getKeySpec and translateKey throws NullPointerException with Invalid key
  - JDK-8206171: Signature#getParameters for RSASSA-PSS throws ProviderException when not initialized
  - JDK-8213009: Refactoring existing SunMSCAPI classes
  - JDK-8213010: Supporting keys created with certmgr.exe
  - JDK-8214096: sun.security.util.SignatureUtil passes null parameter, so JCE validation fails
  - JDK-8215694: keytool cannot generate RSASSA-PSS certificates
  - JDK-8215756: Memory leaks in the AWT on macOS
  - JDK-8216039: TLS with BC and RSASSA-PSS breaks ECDHServerKeyExchange
  - JDK-8216354: Syntax error in toolchain_windows.m4
  - JDK-8216472: (se) Stack overflow during selection operation leads to crash (win)
  - JDK-8218553: Enhance keystore load debug output
  - JDK-8218580: endpoint identification algorithm should be case-insensitive
  - JDK-8219244: NMT: Change ThreadSafepointState's allocation type from mtInternal to mtThread
  - JDK-8219597: (bf) Heap buffer state changes could provoke unexpected exceptions
  - JDK-8221407: Windows 32bit build error in libsunmscapi/security.cpp
  - JDK-8223003: SunMSCAPI keys are not cleaned up
  - JDK-8223063: Support CNG RSA keys
  - JDK-8223158: Docked MacBook cannot start any Java Swing applications
  - JDK-8225128: Add exception for expiring DocuSign root to VerifyCACerts test
  - JDK-8225130: Add exception for expiring Comodo roots to VerifyCACerts test
  - JDK-8225180: SignedObject with invalid Key not throwing the InvalidKeyException in Windows
  - JDK-8225392: Comparison builds are failing due to cacerts file
  - JDK-8225745: NoSuchAlgorithmException exception for SHA256withECDSA with RSASSA-PSS support
  - JDK-8227397: Add --with-extra-asflags configure option
  - JDK-8227662: freetype seeks to index at the end of the font data
  - JDK-8229022: BufferedReader performance can be improved by using StringBuilder
  - JDK-8229345: Memory leak due to vtable stubs not being shared on SPARC
  - JDK-8229767: Typo in java.security: Sasl.createClient and Sasl.createServer
  - JDK-8229872: (fs) Increase buffer size used with getmntent
  - JDK-8230235: Rendering HTML with empty img attribute and documentBaseKey cause Exception
  - JDK-8230977: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension (Java SE 8)
  - JDK-8230978: Add support for RSASSA-PSS Signature algorithm (Java SE 8)
  - JDK-8231201: hs_err should print coalesced safepoint operations in Events section
  - JDK-8231430: C2: Memory stomp in max_array_length() for T_ILLEGAL type
  - JDK-8231991: Mouse wheel change focus on awt/swing windows
  - JDK-8232003: (fs) Files.write can leak file descriptor in the exception case
  - JDK-8232154: Update Mesa 3-D Headers to version 19.2.1
  - JDK-8232355: Two obsolete flags have the wrong obsolete version in 8u
  - JDK-8233023: assert(Opcode() == mem->Opcode() || phase->C->get_alias_index(adr_type()) == Compile::AliasIdxRaw) failed: no mismatched stores, except on raw memory
  - JDK-8233404: System property to set the number of PBE iterations in JCEKS keystores
  - JDK-8233995: java.vm.vendor (and potentially other properties/fields) not correctly set in Windows/Hotspot build of OpenJDK8
  - JDK-8234107: Several AWT modal dialog tests failing on Linux after JDK-8231991
  - JDK-8234245: sun/security/lib/cacerts/VerifyCACerts.java fails due to wrong checksum
  - JDK-8234264: Incorrect 8047434 JDK 8 backport in 8219677
  - JDK-8234288: Turkey Time Zone returns incorrect time zone name
  - JDK-8235142: JDK-8193255 backport broke bootstrap with JDK 10
  - JDK-8235637: jhsdb jmap from OpenJDK 11.0.5 doesn't work if prelink is enabled
  - JDK-8235744: PIT: test/jdk/javax/swing/text/html/TestJLabelWithHTMLText.java times out in linux-x64
  - JDK-8235904: Infinite loop when rendering huge lines
  - JDK-8236179: C1 register allocation error with T_ADDRESS
  - JDK-8236470: Deal with ECDSA using ecdsa-with-SHA2 plus hash algorithm as AlgorithmId
  - JDK-8236873: Worker has a deadlock bug
  - JDK-8237368: Problem with NullPointerException in RMI TCPEndpoint.read
  - JDK-8237523: 8u backport of JDK-8216354 didn't include generated-configure.sh changes
  - JDK-8238502: sunmscapi.dll causing EXCEPTION_ACCESS_VIOLATION
  - JDK-8240521: Revert backport of 8231584: Deadlock with ClassLoader.findLibrary and System.loadLibrary call
  - JDK-8241296: Segfault in JNIHandleBlock::oops_do()
  - JDK-8241307: Marlin renderer should not be the default in 8u252

Notes on individual issues:
===========================

hotspot/svc:

JDK-8174881: Binary format for HPROF updated 
============================================

When dumping the heap in binary format, HPROF format 1.0.2 is always
used now. Previously, format 1.0.1 was used for heaps smaller than
2GB. HPROF format 1.0.2 is also used by jhsdb jmap for the
serviceability agent.

security-libs/java.security:

JDK-8229518: Added Support for PKCS#1 v2.2 Algorithms Including RSASSA-PSS Signature
====================================================================================

The SunRsaSign and SunJCE providers have been enhanced with support
for more algorithms defined in PKCS#1 v2.2, such as RSASSA-PSS
signature and OAEP using FIPS 180-4 digest algorithms. New
constructors and methods have been added to relevant JCA/JCE classes
under the `java.security.spec` and `javax.crypto.spec` packages for
supporting additional RSASSA-PSS parameters.

security-libs/javax.crypto:

JDK-8205471: RSASSA-PSS Signature Support Added to SunMSCAPI
============================================================

The RSASSA-PSS signature algorithm support has been added to the SunMSCAPI provider.

security-libs/javax.security:

JDK-8227564: Allow SASL Mechanisms to Be Restricted
===================================================

A security property named `jdk.sasl.disabledMechanisms` has been added
that can be used to disable SASL mechanisms. Any disabled mechanism
will be ignored if it is specified in the `mechanisms` argument of
`Sasl.createSaslClient` or the `mechanism` argument of
`Sasl.createSaslServer`. The default value for this security property
is empty, which means that no mechanisms are disabled out-of-the-box.
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.