/hg/release/icedtea6-1.11: 2 new changesets

Omair Majid omajid at redhat.com
Mon Jul 8 07:44:31 PDT 2013 

On 07/08/2013 04:08 AM, Andrew Hughes wrote:
> ----- Original Message -----
>> changeset d59bbf7333e0 in /hg/release/icedtea6-1.11
>> details:
>> http://icedtea.classpath.org/hg/release/icedtea6-1.11?cmd=changeset;node=d59bbf7333e0
>> author: Omair Majid <omajid at redhat.com>
>> date: Mon Jul 01 21:05:04 2013 -0400
>>
>> 	Backport additional fixes.
>>
>> 	Additional fixes were applied to jdk7u as part of the security release.
>> 	This patch includes a subset of them.
>>
>> 	2013-07-01  Omair Majid  <omajid at redhat.com>
>>
>> 	    * patches/openjdk/7188114-alternate_command_line_parser.patch,
>> 	    * patches/openjdk/7199143-OCSP_timeout.patch,
>> 	    * patches/openjdk/8006120-server_jre.patch,
>> 	    * patches/openjdk/8006536-remove_trailing_slashes.patch,
>> 	    * patches/openjdk/8009165-inappropriate_method_in_reflectutil.patch,
>> 	    * patches/openjdk/8009217-fix_test_compile.patch,
>> 	    * patches/openjdk/8009463-space_and_final_backslash.patch,
>> 	    * patches/openjdk/8009610-blacklist_malware_certificate.patch,
>> 	    * patches/openjdk/8010213-set_socketoptions_windows.patch,
>> 	    * patches/openjdk/8010714-xml_dsig_retrievalmethod.patch,
>> 	    * patches/openjdk/8011154-awt_regresssion.patch,
>> 	    * patches/openjdk/8011313-OCSP_timeout_wrong_value.patch,
>> 	    * patches/openjdk/8011992-MlibOpsTest_failed.patch,
>> 	    * patches/openjdk/8012112-MlibOpsTest_fails.patch,
>> 	    * patches/openjdk/8012617-arrayindexoutofbounds_linebreakmeasurer.patch,
>> 	    * patches/openjdk/8012933-appcontext_disposed_too_early.patch,
>> 	    * patches/openjdk/8013196-TimeZone_getDefault_throws_exception.patch,
>> 	    * patches/openjdk/8014205-blank_swing_dialogs_windows.patch,
>> 	    * patches/openjdk/8014427-raster_regresssion.patch,
>> 	    * patches/openjdk/8014618-strip_leading_zeros_premastersecret.patch,
>> 	    * patches/openjdk/8014676-javadebugger_space_in_paths.patch,
>> 	    * patches/openjdk/8014968-OCSP_timeout_default.patch: New file.
>> 	    Backport from icedtea/openjdk 7.
>> 	    * Makefile.am (ICEDTEA_PATCHES): Apply the above.
>> 	    * patches/ecj/override.patch: Add new hunk for BufferedImage.
>> 	    * NEWS: Update with backports.
>>
> 
> Is there a reason for including all these backports in a security release?  Were
> regressions apparent? 

Some fixes, such as 8011992 and 8012112 seem to be bug fixes that go on
top of a security fix (8011243). This makes me think they are fixes for
regressions caused by the security update. Shall I only include those
patches that we know fixes a known regression? Or does including these
patches make sense?

> I didn't like having to include them in 7 as it was, but it
> was upstream did and many of them are for the JSR292 @CallerSensitive backport
> that doesn't apply to 6. 

You are right, the JSR292 bits of @CallerSensitive does not apply to 6.
On the other hand, most of the non-JSR292 changes do apply. My
motivation for adding this now was that there is a >99% chance that
future fixes that touch these methods will force us to backport this to
6 too. So I figured we might as well add it now.

I will backout the @CallerSensitive patch as you suggest and add it to
HEAD instead.

Thanks,
Omair

-- 
PGP Key: 66484681 (http://pgp.mit.edu/)
Fingerprint = F072 555B 0A17 3957 4E95  0056 F286 F14F 6648 4681

More information about the distro-pkg-dev mailing list