[PATCH] 2013/06/18 Security Errata: JDK Changes

Andrew Hughes gnu.andrew at redhat.com
Thu Aug 1 15:19:15 PDT 2013


Here is the first batch of changes for the 2013/06/18 errata.
CORBA and langtools changes will follow, along with the upgrade to HotSpot.

Webrev: http://cr.openjdk.java.net/~andrew/openjdk6/20130618/jdk/

Changes:

7195301: XML Signature DOM implementation should not use instanceof to determine type of Node
6469266: Integrate Apache XMLSec 1.4.2 into JDK 7
6741606: Integrate Apache Santuario
7170730: Improve Windows network stack support.
8000638: Improve deserialization
8001032: Restrict object access
8001033: Refactor network address handling in virtual machine identifiers
8001034: Memory management improvements
8001038: Resourcefully handle resources
8001043: Clarify definition restrictions
8001309: Better handling of annotation interfaces
8001318: Socket.getLocalAddress not consistent with InetAddress.getLocalHost
8001330: Improve on checking order
8003703: Update RMI connection dialog box
8004584: Augment applet contextualization
8005007: Better glyph processing
8006328: Improve robustness of sound classes
8006611: Improve scripting
8007467: Improve robustness of JMX internal APIs
8007471: Improve MBean notifications
8007812: (reflect) Class.getEnclosingMethod problematic for some classes
8008120: Improve JMX class checking
8008124: Better compliance testing
8008128: Better API coherence for JMX
8008132: Better serialization support
8008585: Better JMX data handling
8008593: Better URLClassLoader resource management
8008603: Improve provision of JMX providers
8008611: Better handling of annotations in JMX
8008616: Improve robustness of JMX internal APIs
8008623: Better handling of MBeanServers
8008744: Rework part of fix for JDK-6741606
8008982: Adjust JMX for underlying interface changes
8009004: Better implementation of RMI connections
8009013: Better handling of T2K glyphs
8009034: Improve resulting notifications in JMX
8009038: Improve JMX notification support
8009067: Improve storing keys in KeyStore
8009235: Improve handling of TSA data
6888167: memory leaks in the medialib glue code
8011243: Improve ImagingLib
8011248: Better Component Rasters
8011253: Better Short Component Rasters
8011257: Better Byte Component Rasters
8011557: Improve reflection utility classes
8012421: Better positioning of PairPositioning
8012438: Better image validation
8012597: Better image channel verification
8012601: Better validation of image layouts
8014281: Better checking of XML signature
OPENJDK6-10: Add additional use of generics to satisfy OpenJDK 6 javac

IcedTea patches:

patches/openjdk/7195301-no_instanceof_node.patch 
patches/openjdk/6469266-xmlsec_1.4.2.patch 
patches/security/20130618/6741606-apache_santuario.patch 
patches/security/20130618/7170730-windows_network_stack.patch 
patches/security/20130618/8000638-improve_deserialization.patch 
patches/security/20130618/8001032-restrict_object_access-jdk.patch 
patches/security/20130618/8001033-refactor_address_handling.patch 
patches/security/20130618/8001034-memory_management.patch 
patches/security/20130618/8001038-resourcefully_handle_resources.patch 
patches/security/20130618/8001043-clarify_definition_restrictions.patch 
patches/security/20130618/8001309-better_handling_of_annotation_interfaces.patch 
patches/security/20130618/8001318-socket_getlocaladdress_consistency.patch 
patches/security/20130618/8001318-6_fixup.patch 
patches/security/20130618/8001330-improve_checking_order.patch 
patches/security/20130618/8003703-update_rmi_connection_dialog.patch 
patches/security/20130618/8004584-augment_applet_contextualization.patch 
patches/security/20130618/8005007-better_glyph_processing.patch 
patches/security/20130618/8006328-sound_class_robustness.patch 
patches/security/20130618/8006328-6_fixup.patch 
patches/security/20130618/8006611-improve_scripting.patch 
patches/security/20130618/8007467-improve_jmx_internal_api_robustness.patch 
patches/security/20130618/8007471-improve_mbean_notifications.patch 
patches/security/20130618/8007471-6_fixup.patch 
patches/security/20130618/8007812-getenclosingmethod.patch 
patches/security/20130618/8008120-improve_jmx_class_checking.patch 
patches/security/20130618/8008124-better_compliance_testing.patch 
patches/security/20130618/8008128-better_jmx_api_coherence.patch 
patches/security/20130618/8008132-better_serialization.patch 
patches/security/20130618/8008585-jmx_data_handling.patch 
patches/security/20130618/8008593-better_urlclassloader.patch 
patches/security/20130618/8008603-jmx_provider_provision.patch 
patches/security/20130618/8008611-jmx_annotations.patch 
patches/security/20130618/8008611-6_fixup.patch 
patches/security/20130618/8008615-jmx_internal_api_robustness.patch 
patches/security/20130618/8008623-mbeanserver_handling.patch 
patches/security/20130618/8008744-6741606_rework.patch 
patches/security/20130618/8008982-jmx_interface_changes.patch 
patches/security/20130618/8009004-rmi_connection_improvement.patch 
patches/security/20130618/8009013-t2k_glyphs.patch 
patches/security/20130618/8009034-jmx_notification_improvement.patch 
patches/security/20130618/8009038-jmx_notification_support_improvement.patch 
patches/security/20130618/8009067-improve_key_storing.patch 
patches/security/20130618/8009235-improve_tsa_data_handling.patch 
patches/openjdk/6888167-medialib_memory_leaks.patch 
patches/security/20130618/8011243-improve_imaginglib.patch 
patches/security/20130618/8011248-better_component_rasters.patch 
patches/security/20130618/8011253-better_short_component_rasters.patch 
patches/security/20130618/8011257-better_byte_component_rasters.patch 
patches/security/20130618/8011557-improve_reflection.patch 
patches/security/20130618/8012421-better_positioning.patch 
patches/security/20130618/8012438-better_image_validation.patch 
patches/security/20130618/8012597-better_image_channel_validation.patch 
patches/security/20130618/8012601-better_layout_validation.patch 
patches/security/20130618/8014281-better_xml_signature_checking.patch 
patches/security/20130618/diamond_fix.patch 
patches/security/20130618/javac_issue.patch 

The fixup patches have been combined with the original bug, as they should
have been to start with.  The contents of diamond_fix have also been applied
as part of the appropriate patches.  Otherwise, there is a 1-to-1 correlation
between patches and changesets.

Ok to push?
-- 
Andrew :)

Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

PGP Key: 248BDC07 (https://keys.indymedia.org/)
Fingerprint = EC5A 1F5E C0AD 1D15 8F1F  8F91 3B96 A578 248B DC07


