[Bug 2124] [IcedTea7] Synchronise elliptic curves in sun.security.ec.NamedCurve with those listed by NSS
bugzilla-daemon at icedtea.classpath.org
bugzilla-daemon at icedtea.classpath.org
Tue Feb 14 03:15:35 UTC 2017
http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2124
--- Comment #4 from hg commits <mercurial at icedtea.classpath.org> ---
details:
http://icedtea.classpath.org//hg/release/icedtea7-2.6?cmd=changeset;node=270703ff63b4
author: Andrew John Hughes <gnu_andrew at member.fsf.org>
date: Mon Feb 13 17:07:42 2017 +0000
Bump to icedtea-2.6.9.
Upstream changes:
- Bump to icedtea-2.6.9
- PR3324: Fix NSS_LIBDIR substitution in make_generic_profile.sh broken
by PR1989
- S6253144: Long narrowing conversion should describe the algorithm used
and implied "risks"
- S6328537: Improve javadocs for Socket class by adding references to
SocketOptions
- S6978886: javadoc shows stacktrace after print error resulting from
disk full
- S6995421: Eliminate the static dependency to
sun.security.ec.ECKeyFactory
- S6996372: synchronizing handshaking hash
- S7027045: (doc) java/awt/Window.java has several typos in javadoc
- S7054969: Null-check-in-finally pattern in java/security documentation
- S7059542: JNDI name operations should be locale independent
- S7072353: JNDI libraries do not build with javac -Xlint:all -Werror
- S7075563: Broken link in "javax.swing.SwingWorker"
- S7077672: jdk8_tl nightly fail in step-2 build on 8/10/11
- S7088502: Security libraries don't build with javac -Werror
- S7092447: Clarify the default locale used in each locale sensitive
operation
- S7093640: Enable client-side TLS 1.2 by default
- S7103570: AtomicIntegerFieldUpdater does not work when SecurityManager
is installed
- S7117360: Warnings in java.util.concurrent.atomic package
- S7117465: Warning cleanup for IMF classes
- S7187144: JavaDoc for ScriptEngineFactory.getProgram() contains an
error
- S8000418: javadoc should used a standard "generated by javadoc" string
- S8000666: javadoc should write directly to Writer instead of composing
strings
- S8000673: remove dead code from HtmlWriter and subtypes
- S8000970: break out auxiliary classes that will prevent multi-core
compilation of the JDK
- S8001669: javadoc internal DocletAbortException should set cause when
appropriate
- S8008949: javadoc stopped copying doc-files
- S8011402: Move blacklisting certificate logic from hard code to data
- S8011547: Update XML Signature implementation to Apache Santuario 1.5.4
- S8012288: XML DSig API allows wrong tag names and extra elements in
SignedInfo
- S8016217: More javadoc warnings
- S8017325: Cleanup of the javadoc <code> tag in java.security.cert
- S8017326: Cleanup of the javadoc <code> tag in java.security.spec
- S8019772: Fix doclint issues in javax.crypto and javax.security
subpackages
- S8020557: javadoc cleanup in javax.security
- S8020688: Broken links in documentation at
http://docs.oracle.com/javase/6/docs/api/index.
- S8021108: Clean up doclint warnings and errors in java.text package
- S8021417: Fix doclint issues in java.util.concurrent
- S8021833: javadoc cleanup in java.net
- S8022120: JCK test
api/javax_xml/crypto/dsig/TransformService/index_ParamMethods fails
- S8022175: Fix doclint warnings in javax.print
- S8022406: Fix doclint issues in java.beans
- S8022746: List of spelling errors in API doc
- S8024779: [macosx] SwingNode crashes on exit
- S8025085: [javadoc] some errors in javax/swing
- S8025218: [javadoc] some errors in java/awt classes
- S8025249: [javadoc] fix some javadoc errors in javax/swing/
- S8025409: Fix javadoc comments errors and warning reported by doclint
report
- S8026021: more fix of javadoc errors and warnings reported by doclint,
see the description
- S8026119: Regression test DHEKeySizing.java failing intermittently
- S8037099: [macosx] Remove all references to GC from native OBJ-C code
- S8038184: XMLSignature throws StringIndexOutOfBoundsException if ID
attribute value is empty String
- S8038349: Signing XML with DSA throws Exception when key is larger than
1024 bits
- S8049244: XML Signature performance issue caused by unbuffered
signature data
- S8049432: New tests for TLS property jdk.tls.client.protocols
- S8050893: (smartcardio) Invert reset argument in tests in
sun/security/smartcardio
- S8059212: Modify sun/security/smartcardio manual regression tests so
that they do not just fail if no cardreader found
- S8068279: (typo in the spec)
javax.script.ScriptEngineFactory.getLanguageName
- S8068491: Update the protocol for references of docs.oracle.com to
HTTPS.
- S8069038: javax/net/ssl/TLS/TLSClientPropertyTest.java needs to be
updated for JDK-8061210
- S8075118: JVM stuck in infinite loop during verification
- S8076369: Introduce the jdk.tls.client.protocols system property for
JDK 7u
- S8138725: Add options for Javadoc generation
- S8139565: Restrict certificates with DSA keys less than 1024 bits
- S8140353: Improve signature checking
- S8140422: Add mechanism to allow non default root CAs to be not subject
to algorithm restrictions
- S8140587: Atomic*FieldUpdaters should use Class.isInstance instead of
direct class check
- S8143959: Certificates requiring blacklisting
- S8145984: [macosx] sun.lwawt.macosx.CAccessible leaks
- S8148516: Improve the default strength of EC in JDK
- S8149029: Secure validation of XML based digital signature always
enabled when checking wrapping attacks
- S8151893: Add security property to configure XML Signature secure
validation mode
- S8151934: Resolve class resolution
- S8155760: Implement Serialization Filtering
- S8156802: Better constraint checking
- S8158406: Limited Parameter Processing
- S8158997: JNDI Protocols Switch
- S8159507: RuntimeVisibleAnnotation validation
- S8161218: Better bytecode loading
- S8161228: URL objects with custom protocol handlers have port changed
after deserializing
- S8161571: Verifying ECDSA signatures permits trailing bytes
- S8161743: Provide proper login context
- S8162577: Standardize logging levels
- S8162973: Better component components
- S8163304: jarsigner -verbose -verify should print the algorithms used
to sign the jar
- S8164143: Improve components for menu items
- S8164147: Improve streaming socket output
- S8164908: ReflectionFactory support for IIOP and custom serialization
- S8165071: Expand TLS support
- S8165230: RMIConnection addNotificationListeners failing with specific
inputs
- S8165344: Update concurrency support
- S8166393: disabledAlgorithms property should not be strictly parsed
- S8166591: [macos 10.12] Trackpad scrolling of text on OS X 10.12 Sierra
is very fast (Trackpad, Retina only)
- S8166739: Improve extensibility of ObjectInputFilter information passed
to the filter
- S8166875: (tz) Support tzdata2016g
- S8166878: Connection reset during TLS handshake
- S8166988: Improve image processing performance
- S8167104: Additional class construction refinements
- S8167223: URL handling improvements
- S8167356: Follow up fix for jdk8 backport of 8164143. Changes for
CMenuComponent.m were missed
- S8167459: Add debug output for indicating if a chosen ciphersuite was
legacy
- S8167472: Chrome interop regression with JDK-8148516
- S8167591: Add MD5 to signed JAR restrictions
- S8168705: Better ObjectIdentifier validation
- S8168714: Tighten ECDSA validation
- S8168724: ECDSA signing improvments
- S8168728: DSA signing improvments
- S8168861: AnchorCertificates uses hardcoded password for cacerts
keystore
- S8168993: JDK8u121 L10n resource file update
- S8169191: (tz) Support tzdata2016i
- S8169688: Backout (remove) MD5 from jdk.jar.disabledAlgorithms for
January CPU
- S8169911: Enhanced tests for jarsigner -verbose -verify after
JDK-8163304
- S8170131: Certificates not being blocked by jdk.tls.disabledAlgorithms
property
- S8170268: 8u121 L10n resource file update - msgdrop 20
- S8173622: Backport of 7180907 is incomplete
- S8173849: Fix use of java.util.Base64 in test cases
- S8173854: [TEST] Update DHEKeySizing test case following 8076328 &
8081760
ChangeLog:
2017-02-13 Andrew John Hughes <gnu_andrew at member.fsf.org>
Bump to icedtea-2.6.9.
* Makefile.am:
(JDK_UPDATE_VERSION): Bump to 131.
(CORBA_CHANGESET): Update to icedtea-2.6.9.
(JAXP_CHANGESET): Likewise.
(JAXWS_CHANGESET): Likewise.
(JDK_CHANGESET): Likewise.
(LANGTOOLS_CHANGESET): Likewise.
(OPENJDK_CHANGESET): Likewise.
(CORBA_SHA256SUM): Likewise.
(JAXP_SHA256SUM): Likewise.
(JAXWS_SHA256SUM): Likewise.
(JDK_SHA256SUM): Likewise.
(LANGTOOLS_SHA256SUM): Likewise.
(OPENJDK_SHA256SUM): Likewise.
(install-data-local): Install blacklisted.certs.
* NEWS: Updated.
* configure.ac: Bump to 2.6.9.
* hotspot.map.in: Update to icedtea-2.6.9.
* patches/boot/ecj-diamond.patch:
Regenerated. Add new cases in
com.sun.jndi.cosnaming.CNCtx,
com.sun.jndi.cosnaming.CNNameParser,
com.sun.jndi.cosnaming.IiopUrl,
com.sun.jndi.dns.DnsContextFactory,
com.sun.jndi.dns.DnsName,
com.sun.jndi.dns.NameNode,
com.sun.jndi.dns.ResourceRecords,
com.sun.jndi.ldap.EventSupport,
com.sun.jndi.ldap.LdapClient,
com.sun.jndi.ldap.LdapCtxFactory,
com.sun.jndi.ldap.LdapCtx,
com.sun.jndi.ldap.LdapName,
com.sun.jndi.ldap.LdapResult,
com.sun.jndi.ldap.LdapSchemaParser,
com.sun.jndi.ldap.NamingEventNotifier,
com.sun.jndi.ldap.Obj,
com.sun.jndi.ldap.pool.Connections,
com.sun.jndi.ldap.pool.Pool,
com.sun.jndi.ldap.sasl.LdapSasl,
com.sun.jndi.toolkit.ctx.Continuation,
com.sun.jndi.toolkit.dir.HierMemDirCtx,
com.sun.jndi.toolkit.dir.SearchFilter,
com.sun.jndi.toolkit.url.GenericURLContext,
com.sun.naming.internal.FactoryEnumeration,
com.sun.naming.internal.ResourceManager,
com.sun.naming.internal.VersionHelper,
java.util.logging.LogRecord,
javax.naming.directory.BasicAttribute,
javax.naming.directory.BasicAttributes,
javax.naming.ldap.InitialLdapContext,
javax.naming.ldap.LdapName,
javax.naming.ldap.Rdn,
javax.naming.ldap.Rdn,
javax.naming.ldap.Rfc2253Parser,
javax.naming.NamingImpl,
javax.naming.Reference,
javax.naming.spi.DirectoryManager,
javax.naming.spi.NamingManager,
org.jcp.xml.dsig.internal.dom.Policy,
sun.awt.im.ExecutableInputMethodManager,
sun.awt.im.InputContext,
sun.misc.ObjectInputFilter,
sun.security.ssl.ExtensionType,
sun.security.ssl.SupportedEllipticCurvesExtension,
sun.security.ssl.SupportedEllipticPointFormatsExtension,
sun.security.tools.jarsigner.Main,
sun.security.util.UntrustedCertificates,
sun.security.util.AnchorCertificates,
sun.security.util.DisabledAlgorithmConstraints and
sun.security.x509.X509CertImpl.
* patches/boot/ecj-multicatch.patch:
Regenerated. Add new cases in
com.sun.naming.internal.ResourceManager,
sun.reflect.ReflectionFactory,
sun.security.x509.X509CertImpl,
com.sun.jndi.ldap.AbstractLdapNamingEnumeration,
com.sun.jndi.ldap.Connection and
com.sun.jndi.ldap.LdapCtx.
Drop case in sun.security.util.UntrustedCertificates.
* patches/boot/ecj-stringswitch.patch:
Regenerated. Add new cases in
com.sun.jndi.ldap.LdapCtx and
org.jcp.xml.dsig.internal.dom.Policy.
* patches/boot/ecj-trywithresources.patch:
Regenerated. Updated case in
sun.security.util.UntrustedCertificates.
Add new cases in
com.sun.jndi.ldap.Obj,
sun.security.util.AnchorCertificates and
sun.security.tools.jarsigner.Main.
* patches/boot/ecj-underscored_literals.patch:
Move case from sun.security.ssl.ServerHandshaker
to sun.security.util.Parsing.
* patches/pr2124.patch,
Extend following changes made in 8148516.
* patches/rh1022017.patch:
Adapt to changes made in 8148516.
--
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20170214/4dd118d6/attachment-0001.html>
More information about the distro-pkg-dev
mailing list