[PATCH] b36 Release and retro-active security patch review
Andrew Hughes
gnu.andrew at redhat.com
Fri Aug 14 18:51:13 UTC 2015
----- Original Message -----
> * Andrew Hughes <gnu.andrew at redhat.com> [2015-07-30 16:54]:
> > Changes since b36 (including both CPU fixes and upstreamed changes):
>
> I assume you meant b35 here.
>
> > - S8043200, PR2485: Decrease the preference mode of RC4 in the enabled
> > cipher suite list
>
> I don't quite follow this patch. If PRESERVE_RC4 is true, doesn't it put
> SSL_RSA_WITH_RC4_128_MD5 at the top of the cipher list from its original
> lower position?
>
It was there in OpenJDK 6 originally; check out
"6996365: Evaluate the priorities of cipher suites", the changeset
before, which is what moves MD5 down. I started on 8043200 before deciding
we'd need 6996365 too, hence why that probably got kept like that.
> That said, given that 8043202 removes these RC4 ciphers, it probably
> doesn't matter.
Yeah, comparing the final version with 7 shows there's no difference
other than some indenting and new TLS 1.2 ciphers in 7.
>
> > - S8062923: XSL: Run-time internal error in 'substring()'
> > - S8062924: XSL: wrong answer from substring() function
>
> This patch has an 'ORACLE PROPRIETARY/CONFIDENTIAL' header.
>
I assume you're talking about:
jdk/test/javax/xml/jaxp/transform/8062923/XslSubstringTest.java
It looks like a bad OpenJDK 7 change:
http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/d63b4806622e
We'll fix it there and then backport it to 6.
> Looks okay to me otherwise.
>
Pushed.
> Cheers,
> Omair
>
> --
> PGP Key: 66484681 (http://pgp.mit.edu/)
> Fingerprint = F072 555B 0A17 3957 4E95 0056 F286 F14F 6648 4681
>
--
Andrew :)
Senior Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)
PGP Key: ed25519/35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222
PGP Key: rsa4096/248BDC07 (hkp://keys.gnupg.net)
Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07