Key:

JDK-X  - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY

New in release OpenJDK 15.0.2 (2021-01-19):
===========================================
Live versions of these release notes can be found at:
  * https://builds.shipilev.net/backports-monitor/release-notes-15.0.2.txt

* Security fixes
  - JDK-8247619: Improve Direct Buffering of Characters
* Other changes
  - JDK-8197981: Missing return statement in __sync_val_compare_and_swap_8
  - JDK-8239105: Add exception for expiring Digicert root certificates to VerifyCACerts test
  - JDK-8247741: Test test/hotspot/jtreg/runtime/7162488/TestUnrecognizedVmOption.java fails when -XX:+IgnoreUnrecognizedVMOptions is set
  - JDK-8248411: [aarch64] Insufficient error handling when CodeBuffer is exhausted
  - JDK-8248596: [TESTBUG] compiler/loopopts/PartialPeelingUnswitch.java times out with Graal enabled
  - JDK-8248667: Need support for building native libraries located in the test/lib directory
  - JDK-8249176: Update GlobalSignR6CA test certificates
  - JDK-8249192: MonitorInfo stores raw oops across safepoints
  - JDK-8249217: Unexpected StackOverflowError in "process reaper" thread still happens
  - JDK-8249781: AArch64: AOT compiled code crashes if C2 allocates r27
  - JDK-8250257: Bump release strings for JDK 15.0.2
  - JDK-8251397: NPE on ClassValue.ClassValueMap.cacheArray
  - JDK-8251859: sun/security/validator/PKIXValAndRevCheckTests.java fails
  - JDK-8253191: C2: Masked byte comparisons with large masks produce wrong result on x86
  - JDK-8253375: OSX build fails with Xcode 12.0 (12A7209)
  - JDK-8253566: clazz.isAssignableFrom will return false for interface implementors
  - JDK-8253756: C2 CompilerThread0 crash in Node::add_req(Node*)
  - JDK-8253791: Issue with useAppleColor check in CSystemColors.m
  - JDK-8253960: Memory leak in Java_java_lang_ClassLoader_defineClass0()
  - JDK-8254081: java/security/cert/PolicyNode/GetPolicyQualifiers.java fails due to an expired certificate
  - JDK-8254166: Zero: return-type warning in zeroInterpreter_zero.cpp
  - JDK-8254177: (tz) Upgrade time-zone data to tzdata2020b
  - JDK-8254319: Shenandoah: Interpreter native-LRB needs to activate during HAS_FORWARDED
  - JDK-8254320: Shenandoah: C2 native LRB should activate for non-cset objects
  - JDK-8254790: SIGSEGV in string_indexof_char and stringL_indexof_char intrinsics
  - JDK-8254854: [cgroups v1] Metric limits not properly detected on some join controller combinations
  - JDK-8254982: (tz) Upgrade time-zone data to tzdata2020c
  - JDK-8255065: Zero: accessor_entry misses the IRIW case
  - JDK-8255067: Restore Copyright line in file modified by 8253191
  - JDK-8255226: (tz) Upgrade time-zone data to tzdata2020d
  - JDK-8255599: Change jdk 15.0.2 milestone to fcs for build b04
  - JDK-8255603: Memory/Performance regression after JDK-8210985
  - JDK-8256051: nmethod_entry_barrier stub miscalculates xmm spill size on x86_32
  - JDK-8256427: Test com/sun/jndi/dns/ConfigTests/PortUnreachable.java does not work on AIX
  - JDK-8256618: Zero: Linux x86_32 build still fails
  - JDK-8257181: s390x builds are very noisy with gc-sections messages
  - JDK-8257641: Shenandoah: Query is_at_shenandoah_safepoint() from control thread should return false
  - JDK-8257701: Shenandoah: objArrayKlass metadata is not marked with chunked arrays

Notes on individual issues:
===========================

core-libs/java.time:

JDK-8254177: US/Pacific-New Zone name removed as part of tzdata2020b
====================================================================
Following JDK's update to tzdata2020b, the long-obsolete files
pacificnew and systemv have been removed. As a result, the
"US/Pacific-New" zone name declared in the pacificnew data file is no
longer available for use.

Information regarding the update can be viewed at
https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html

New in release OpenJDK 15.0.1 (2020-10-20):
===========================================
Live versions of these release notes can be found at:
  * https://builds.shipilev.net/backports-monitor/release-notes-15.0.1.txt

* Security fixes
  - JDK-8233624: Enhance JNI linkage
  - JDK-8236196: Improve string pooling
  - JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
  - JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts
  - JDK-8237995, CVE-2020-14782: Enhance certificate processing
  - JDK-8240124: Better VM Interning
  - JDK-8241114, CVE-2020-14792: Better range handling
  - JDK-8242680, CVE-2020-14796: Improved URI Support
  - JDK-8242685, CVE-2020-14797: Better Path Validation
  - JDK-8242695, CVE-2020-14798: Enhanced buffer support
  - JDK-8243302: Advanced class supports
  - JDK-8244136, CVE-2020-14803: Improved Buffer supports
  - JDK-8244479: Further constrain certificates
  - JDK-8244955: Additional Fix for JDK-8240124
  - JDK-8245407: Enhance zoning of times
  - JDK-8245412: Better class definitions
  - JDK-8245417: Improve certificate chain handling
  - JDK-8248574: Improve jpeg processing
  - JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit
  - JDK-8253019: Enhanced JPEG decoding
* Other changes
  - JDK-8232114: JVM crashed at imjpapi.dll in native code
  - JDK-8243470: [macos] bring back O2 opt level for unsafe.cpp
  - JDK-8247251: Assert '(_pcs_length == 0 || last_pc()->pc_offset() < pc_offset) failed: must specify a new, larger pc offset' failure
  - JDK-8248495: [macos] zerovm is broken due to libffi headers location
  - JDK-8248745: Add jarsigner and keytool tests for restricted algorithms
  - JDK-8249165: Remove unneeded nops introduced by 8234160 changes
  - JDK-8249183: JVM crash in "AwtFrame::WmSize" method
  - JDK-8249266: Bump release strings for JDK 15.0.1
  - JDK-8249266: Change jdk 15.0.1 milestone to fcs for build b02
  - JDK-8250612: jvmciCompilerToVM.cpp declares jio_printf with "void" return type, should be "int"
  - JDK-8250665: Wrong translation for the month name of May in ar_JO,LB,SY
  - JDK-8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)
  - JDK-8250876: Fix issues with cross-compile on macos
  - JDK-8250928: JFR: Improve hash algorithm for stack traces
  - JDK-8251359: Shenandoah: filter null oops before calling enqueue/SATB barrier
  - JDK-8251458: Parse::do_lookupswitch fails with "assert(_cnt >= 0) failed"
  - JDK-8251859: sun/security/validator/PKIXValAndRevCheckTests.java fails
  - JDK-8251910: Shenandoah: Handshake threads between weak-roots and reset phases
  - JDK-8252120: compiler/oracle/TestCompileCommand.java misspells "occured"
  - JDK-8252292: 8240795 may cause anti-dependence to be missed
  - JDK-8252359: HotSpot Not Identifying it is Running in a Container
  - JDK-8252367: Undo JDK-8245000: Windows GDI functions don't support large pages
  - JDK-8252368: Undo JDK-8245002: Windows GDI functions don't support NUMA interleaving
  - JDK-8252470: java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java fails on Windows
  - JDK-8252660: Shenandoah: support manageable SoftMaxHeapSize option
  - JDK-8252754: Hash code calculation of JfrStackTrace is inconsistent
  - JDK-8253222: Shenandoah: unused AlwaysTrueClosure after JDK-8246591
  - JDK-8253224: Shenandoah: ShenandoahStrDedupQueue destructor calls virtual num_queues()
  - JDK-8253226: Shenandoah: remove unimplemented ShenandoahStrDedupQueue::verify
  - JDK-8253284: Zero OrderAccess barrier mappings are incorrect
  - JDK-8253714: [cgroups v2] Soft memory limit incorrectly using memory.high
  - JDK-8253727: [cgroups v2] Memory and swap limits reported incorrectly
  - JDK-8253778: ShenandoahSafepoint::is_at_shenandoah_safepoint should not access VMThread state from other threads
  - JDK-8254144: Non-x86 Zero builds fail with return-type warning in os_linux_zero.cpp
  - JDK-8254560: Shenandoah: Concurrent Strong Roots logging is incorrect

Notes on individual issues:
===========================

security-libs/java.security:

JDK-8250756: Added Entrust Root Certification Authority - G4 certificate
========================================================================
The Entrust root certificate has been added to the cacerts truststore:

Alias Name: entrustrootcag4
Distinguished Name: CN=Entrust Root Certification Authority - G4, OU="(c) 2015 Entrust,  Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US

JDK-8250860: Added 3 SSL Corporation Root CA Certificates
=========================================================
The following root certificates have been added to the cacerts truststore for the SSL Corporation:

Alias Name: sslrootrsaca
Distinguished Name: CN=SSL.com Root Certification Authority RSA, O=SSL Corporation, L=Houston, ST=Texas, C=US

Alias Name: sslrootevrsaca
Distinguished Name: CN=SSL.com EV Root Certification Authority RSA R2, O=SSL Corporation, L=Houston, ST=Texas, C=US

Alias Name: sslrooteccca
Distinguished Name: CN=SSL.com Root Certification Authority ECC, O=SSL Corporation, L=Houston, ST=Texas, C=US