[Bug 2484] [IcedTea6] Disable export ciphers by default

bugzilla-daemon at icedtea.classpath.org bugzilla-daemon at icedtea.classpath.org
Thu Jul 30 18:28:22 UTC 2015 

http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2484

--- Comment #2 from hg commits <mercurial at icedtea.classpath.org> ---
details:
http://icedtea.classpath.org//hg/release/icedtea6-1.13?cmd=changeset;node=0835c5802a25
author: Andrew John Hughes <gnu.andrew at redhat.com>
date: Wed Jul 22 22:12:32 2015 +0100

    Update to b36 tarball.

    Changes in b36:
      - OPENJDK6-58: Allow OpenJDK to build on PaX-enabled kernels
      - OPENJDK6-59: Only apply PaX-marking when needed by a running PaX kernel
      - OPENJDK6-60, PR2484: Disable export ciphers by default
      - OPENJDK6-61: Remove translation strings for
ErrorMsg.JAXP_INVALID_ATTR_VALUE_ERR which doesn't exist in OpenJDK 6
      - OPENJDK6-62, PR2552: Restrict key size of RSA certificates to >= 1024
      - OPENJDK6-63: Remove @Override annotation on interfaces added by
2015/07/14 security fixes.
      - S6787645: CRL validation code should permit some clock skew when
checking validity of CRLs
      - S6996365: Evaluate the priorities of cipher suites
      - S7185471: Avoid key expansion when AES cipher is re-init w/ the same
key
      - S8007142: Add utility classes for writing better multiprocess tests in
jtreg
      - S8008089: Delete OS dependent check in JdkFinder.getExecutable()
      - S8024861: Incomplete token triggers GSS-API NullPointerException
      - S8027058: sun/management/jmxremote/bootstrap/RmiBootstrapTest.sh Failed
to initialize connector
      - S8036786: Update jdk7 testlibrary to match jdk8
      - S8042205: javax/management/monitor/*: some tests didn't  get all the
notifications
      - S8042982: Unexpected RuntimeExceptions being thrown by SSLEngine
      - S8043200, PR2485: Decrease the preference mode of RC4 in the enabled
cipher suite list
      - S8043201: Deprecate RC4 in SunJSSE provider
      - S8043202: Prohibit RC4 cipher suites
      - S8046817: JDK 8 schemagen tool does not generate xsd files for enum
types
      - S8048194: GSSContext.acceptSecContext fails when a supported mech is
not initiator preferred
      - S8050158: Introduce system property to maintain RC4 preference order
      - S8062923: XSL: Run-time internal error in 'substring()'
      - S8062924: XSL: wrong answer from substring() function
      - S8064546: CipherInputStream throws BadPaddingException if stream is not
fully read
      - S8065764: javax/management/monitor/CounterMonitorTest.java hangs
      - S8066952: [TEST-BUG] javax/management/monitor/CounterMonitorTest.java
hangs
      - S8067694: Improved certification checking
      - S8071715: Tune font layout engine
      - S8071731: Better scaling for C1
      - S8072490: Better font morphing redux
      - S8072887: Better font handling improvements
      - S8073334: Improved font substitutions
      - S8073357: schema1.xsd has wrong content. Sequence of the enum values
has been changed
      - S8073385: Bad error message on parsing illegal character in XML
attribute
      - S8073773: Presume path preparedness
      - S8073894: Getting to the root of certificate chains
      - S8074098: 2D_Font/Bug8067699 test fails with SIGBUS crash on Solaris
Sparc
      - S8074297: substring in XSLT returns wrong character if string contains
supplementary chars
      - S8074312: Enable hotspot builds on 4.x Linux kernels
      - S8074330: Set font anchors more solidly
      - S8074335: Substitute for substitution formats
      - S8074865: General crypto resilience changes
      - S8074871: Adjust device table handling
      - S8075374: Responding to OCSP responses
      - S8075378: JNDI DnsClient Exception Handling
      - S8075575: com/sun/security/auth/login/ConfigFile/InconsistentError.java
failed in certain env.
      - S8075576:
com/sun/security/auth/module/KeyStoreLoginModule/OptionTest.java failed in
certain env.
      - S8075667: (tz) Support tzdata2015b
      - S8075738: Better multi-JVM sharing
      - S8075838: Method for typing MethodTypes
      - S8075853: Proxy for MBean proxies
      - S8076290: JCK test api/xsl/conf/string/string17 starts failing after
JDK-8074297
      - S8076328: Enforce key exchange constraints
      - S8076376: Enhance IIOP operations
      - S8076397: Better MBean connections
      - S8076401: Serialize OIS data
      - S8076405: Improve serial serialization
      - S8076409: Reinforce RMI framework
      - S8077520: Morph tables into improved form
      - S8077685: (tz) Support tzdata2015d
      - S8078348: sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java fails
with BindException
      - S8078439: SPNEGO auth fails if client proposes MS krb5 OID
      - S8078666: JVM fastdebug build compiled with GCC 5 asserts with "widen
increases"
      - S8080318: jdk8u51 l10n resource file translation update
      - S8081386: Test
sun/management/jmxremote/bootstrap/RmiSslBootstrapTest.sh test has RC4
dependencies
      - S8081775: two lib/testlibrary tests are failing with "Error. failed to
clean up files after test" with jtreg 4.1 b12

    2015-07-22  Andrew John Hughes  <gnu.andrew at redhat.com>

        * patches/openjdk/8078666-widen_increases.patch:
        Removed; upstream in b36.
        * Makefile.am:
        (OPENJDK_DATE): Bump to b36 creation date;
        22nd of July, 2015.
        (OPENJDK_SHA256SUM): Update for b36 tarball.
        * NEWS: Updated with b36 changes. Remove duplicate
        issue in 1.13.6 release notes.
        * patches/openjdk/6956398-ephemeraldhkeysize.patch:
        Regenerated against b36.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20150730/95096022/attachment-0001.html>

More information about the distro-pkg-dev mailing list