[PATCH] b34 Release and retro-active security patch review
Andrew Hughes
gnu.andrew at redhat.com
Wed Jan 21 04:05:59 UTC 2015
We have a new release, b34, which is made from the current state
of the OpenJDK 6 repositories plus backports of the new
security fixes included in 7u75.
The tarballs are available here:
https://java.net/projects/openjdk6/downloads/download/openjdk-6-src-b34-20_jan_2015.tar.gz
https://java.net/projects/openjdk6/downloads/download/openjdk-6-src-b34-20_jan_2015.tar.xz
SHA256 checksums:
56095259a48c452f7fbf3313215aef7c5ff10d96f5a42fd8c6c91ab3c215805b openjdk-6-src-b34-20_jan_2015.tar.gz
13d1b4e1e152b6f9ad81b5558d6c7c0d3315a9e9494e49e515229722e2ee4e51 openjdk-6-src-b34-20_jan_2015.tar.xz
Changes:
- S4873188: Support TLS 1.1
- S6364329: jstat displays "invalid argument count" with usage
- S6461635: [TESTBUG] BasicTests.sh test fails intermittently
- S6507067: TimeZone country/area message error
- S6541350: TimeZone display names localization
- S6545422: [TESTBUG] NativeErrors.java uses wrong path name in exec
- S6578647: Undefined requesting URL in java.net.Authenticator.getPasswordAuthentication()
- S6585666: Spanish language names not compliant with CLDR
- S6587676: Krb5LoginModule failure if useTicketCache=true on Vista
- S6608572: Currency change for Malta and Cyprus
- S6610748: Dateformat - AM-PM indicator in Finnish appears to be from English
- S6627549: ISO 3166 code addition: Saint Barthelemy and Saint Martin
- S6631048: Problem when writing on output stream of HttpURLConnection
- S6641309: Wrong Cookie separator used in HttpURLConnection
- S6641312: Fix krb5 codes indentation problems
- S6645271: Wrong date format for Croatian (hr) locale
- S6646611: Incorrect spelling of month name in locale for Belarusian language ("be", "BY")
- S6647452: Remove obfuscation, framework and provider self-verification checking
- S6653795: C2 intrinsic for Unsafe.getAddress performs pointer sign extension on 32-bit systems
- S6659779: HttpURLConnections logger should log tunnel requests
- S6670362: HTTP/SPNEGO should work across realms
- S6706974: Add krb5 test infrastructure
- S6716626: Integrate contributed language and country names for NL
- S6720866: Slow performance using HttpURLConnection for upload
- S6726695: HttpURLConnection shoul support 'Expect: 100-contimue' headers for PUT
- S6729881: Compiler warning in networking native code
- S6761072: new krb5 tests fail on multiple platforms
- S6765491: Krb5LoginModule a little too restrictive, and the doc is not clear.
- S6776102: sun/util/resources/TimeZone/Bug6317929.java test failed against 6u12b01 and passed against 6u11b03
- S6786276: Locale.getISOCountries() still contains country code "CS"
- S6792180: Enhance to reject weak algorithms or conform to crypto recommendations
- S6811297: Add more logging to HTTP protocol handler
- S6821191: Timezone display name localization
- S6822460: support self-issued certificate
- S6830658: Changeset 67e5d3e41b5b breaks the fastdebug build in NativeCreds.c
- S6835668: Use of /usr/include/linux/ files creates a dependence on kernel-headers
- S6855297: Windows build breaks after 6811297
- S6856856: NPE in HTTP protocol handler logging
- S6868106: Ukrainian currency has wrong format
- S6870908: reopen bug 4244752: month names in Estonian should be lowercase
- S6873931: New Turkish currency since 2009
- S6882594: Remove static dependancy on NTLM authentication
- S6899503: Security code issue using Verisign root certificate
- S6910489: Slovenia Locale, wrong firstDayOfWeek number
- S6911104: Tests do not work with CYGWIN: tools, sun/tools, and com/sun/tools
- S6914413: abbreviation name for November is not correct in be_BY
- S6916787: Ukrainian currency name needs to be fixed
- S6919624: minimalDaysInFirstWeek ressource for hungarian is wrong
- S6925851: Localize JRE into pt_BR
- S6931564: Incorrect display name of Locale for south africa
- S6931566: NetworkInterface is not working when interface name is more than 15 characters long
- S6938454: 2 new testcases for bug: Unable to determine generic type in program that compiles under Java 6
- S6938454: Unable to determine generic type in program that compiles under Java 6
- S6945604: wrong error message in CardImpl.java
- S6962617: Testcase changes, cleanup of problem list for jdk_tools targets
- S6964714: NetworkInterface getInetAddresses enumerates IPv6 addresses if java.net.preferIPvStack property set
- S6967937: Scope id no longer being set after 6931566
- S6972374: NetworkInterface.getNetworkInterfaces throws "java.net.SocketException" on Solaris zone
- S6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled
- S6977550: (tz) Support tzdata2010l
- S6996686: (tz) Support tzdata2010o
- S7001720: copyright templates not rebranded
- S7017800: (tz) Support tzdata2011b
- S7019267: Currency Display Names are not localized into pt_BR.
- S7020583: Some currency names are missing in some locales
- S7020960: CurrencyNames_sr_RS.properties is missing.
- S7022269: clean up fscanf usage in Linux networking native code
- S7025837: fix plural currency display names in sr_Latn_(BA|ME|RS).properties
- S7027387: (tz) Support tzdata2011d
- S7028073: The currency symbol for Peru is wrong
- S7033174: (tz) Support tzdata2011e
- S7035073: Add missing timezones to TimeZoneNames_pt_BR.java
- S7035555: 4/4 attach/BasicTests.sh needs another tweak for Cygwin
- S7036025: java.security.AccessControlException when creating JFileChooser in signed applet
- S7036905: [de] dem - the german mark display name is incorrect
- S7039469: (tz) Support tzdata2011g
- S7047033: (smartcardio) Card.disconnect(boolean reset) does not reset when reset is true
- S7066203: Update currency data to the latest ISO 4217 standard
- S7077119: remove past transition dates from CurrencyData.properties file
- S7079012: test/java/net/NetworkInterface/NetParamsTest.java fails with SocketException getting mac address
- S7085757: Currency Data: ISO 4217 Amendment 152
- S7090843: (tz) Support tzdata2011j
- S7103108: (tz) Support tzdata2011l
- S7103405: Correct display names for Pacific/Apia timezone
- S7104126: Insert openjdk copyright header back into TZdata files
- S7122142: (ann) Race condition between isAnnotationPresent and getAnnotations
- S7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites
- S7158483: (tz) Support tzdata2012c
- S7161796: PhaseStringOpts::fetch_static_field tries to fetch field from the Klass instead of the mirror
- S7171028: dots are missed in the datetime for Slovanian
- S7174244: NPE in Krb5ProxyImpl.getServerKeys()
- S7185456: (ann) Optimize Annotation handling in java/sun.reflect.* code for small number of annotations
- S7189611: Venezuela current Currency should be Bs.F.
- S7195759: ISO 4217 Amendment 154
- S7198570: (tz) Support tzdata2012f
- S7199066: Typo in method name
- S7201205: Add Makefile configuration option to build with unlimited crypto in OpenJDK.
- S8002225: (tz) Support tzdata2012i
- S8005232: (JEP-149) Class Instance size reduction
- S8006748: getISO3Country() returns wrong value
- S8009987: (tz) Support tzdata2013b
- S8013836: getFirstDayOfWeek reports wrong day for pt-BR locale
- S8014469: (tz) Support tzdata2013c
- S8015421: NegativeArraySizeException occurs in ChunkedOutputStream() with Integer.MAX_VALUE
- S8015570: Use long comparison in Rule.getRules().
- S8020054: (tz) Support tzdata2013d
- S8021121: ISO 4217 Amendment Number 156
- S8021372: NetworkInterface.getNetworkInterfaces() returns duplicate hardware address
- S8022721: TEST_BUG: AnnotationTypeDeadlockTest.java throws java.lang.IllegalStateException: unexpected condition
- S8023956: Provide a work-around to broken Linux 32 bit "Exec Shield" using CS for NX emulation (crashing with SI_KERNEL)
- S8025051: Update resource files for TimeZone display names
- S8025255: (tz) Support tzdata2013g
- S8026772: test/sun/util/resources/TimeZone/Bug6317929.java failing
- S8027359: XML parser returns incorrect parsing results
- S8027370: Support tzdata2013h
- S8027695: There should be a space before % sign in Swedish locale
- S8028627: Unsynchronized code path from javax.crypto.Cipher to the WeakHashMap used by JceSecurity to store codebase mappings
- S8028726: (prefs) Check src/solaris/native/java/util/FileSystemPreferences.c for JNI pending exceptions
- S8029153: [TESTBUG] test/compiler/7141637/SpreadNullArg.java fails because it expects NullPointerException
- S8029318: Native Windows ccache still reads DES tickets
- S8030822: (tz) Support tzdata2013i
- S8031046: Native Windows ccache might still get unsupported ticket
- S8032788: ImageIcon constructor throws an NPE and hangs when passed a null String parameter
- S8032909: XSLT string-length returns incorrect length when string includes complementary chars
- S8035613: With active Securitymanager JAXBContext.newInstance fails
- S8037012: (tz) Support tzdata2014a
- S8038306: (tz) Support tzdata2014b
- S8040617: [macosx] Large JTable cell results in a OutOfMemoryException
- S8041990: [macosx] Language specific keys does not work in applets when opened outside the browser
- S8043012: (tz) Support tzdata2014c
- S8046343: (smartcardio) CardTerminal.connect('direct') does not work on MacOSX
- S8046656: Update protocol support
- S8047125: (ref) More phantom object references
- S8047130: Fewer escapes from escape analysis
- S8048035: Ensure proper proxy protocols
- S8049250: Need a flag to invert the Card.disconnect(reset) argument
- S8049253: Better GC validation
- S8049343: (tz) Support tzdata2014g
- S8050485: super() in a try block in a ctor causes VerifyError
- S8050807: Better performing performance data handling
- S8051012: Regression in verifier for <init> method call from inside of a branch
- S8051614: smartcardio TCK tests fail due to lack of 'reset' permission
- S8054367: More references for endpoints
- S8055222: Currency update needed for ISO 4217 Amendment #159
- S8055304: More boxing for DirectoryComboBoxModel
- S8055309: RMI needs better transportation considerations
- S8055479: TLAB stability
- S8055489: Better substitution formats
- S8056211: api/java_awt/Event/InputMethodEvent/serial/index.html#Input[serial2002] failure
- S8056264: Multicast support improvements
- S8056276: Fontmanager feature improvements
- S8057555: Less cryptic cipher suite management
- S8058715: stability issues when being launched as an embedded JVM via JNI
- S8058982: Better verification of an exceptional invokespecial
- S8059206: (tz) Support tzdata2014i
- S8059485: Resolve parsing ambiguity
- S8060474: Resolve more parsing ambiguity
- S8061210: Issues in TLS
- S8061826: Part of JDK-8060474 should be reverted
- S8062561: Test bug8055304 fails if file system default directory has read access
- S8062807: Exporting RMI objects fails when run under restrictive SecurityManager
- S8064560: (tz) Support tzdata2014j
- OPENJDK6-43: Backport JAX_WS-945; Socket backlog may be limiting lwhs performance
- OPENJDK6-44: Add missing TimeZone test cases included in OpenJDK 7 revision 0.
- OPENJDK6-45: Fix copyright headers on imported files
- OPENJDK6-46: Fix lost Classpath exception
- OPENJDK6-47: Remove @Override annotation on interfaces added by 2015/01/20 security fixes.
- OPENJDK6-48: Fix substitution error.
- OPENJDK6-49: Fix placement of 8023956 fix.
- OPENJDK6-50: Fix reference to missing pd_attempt_reserve_memory_at
Webrevs for the new changes:
http://cr.openjdk.java.net/~andrew/openjdk6/20150120/root/
http://cr.openjdk.java.net/~andrew/openjdk6/20150120/corba/
http://cr.openjdk.java.net/~andrew/openjdk6/20150120/jaxp/
http://cr.openjdk.java.net/~andrew/openjdk6/20150120/jaxws/
http://cr.openjdk.java.net/~andrew/openjdk6/20150120/hotspot/
http://cr.openjdk.java.net/~andrew/openjdk6/20150120/jdk/
http://cr.openjdk.java.net/~andrew/openjdk6/20150120/langtools/
Once approved, I'll push these to the OpenJDK 6 repository along with a b34 tag.
Thanks,
--
Andrew :)
Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)
PGP Key: ed25519/35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222
PGP Key: rsa4096/248BDC07 (hkp://keys.gnupg.net)
Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07
More information about the jdk6-dev
mailing list