[PATCH] b40 Release and retro-active security patch review

Andrew Hughes gnu.andrew at redhat.com
Thu Aug 25 03:35:02 UTC 2016


We have a new release of IcedTea (http://bitly.com/it11312) and a new OpenJDK
6 release, b40, to go with it. This is made from the current state of the OpenJDK 6
repositories plus backports of the new security fixes included in 7u111 & 8u101.

The tarballs are available here:

https://java.net/projects/openjdk6/downloads/download/openjdk-6-src-b40-22_aug_2016.tar.gz
https://java.net/projects/openjdk6/downloads/download/openjdk-6-src-b40-22_aug_2016.tar.xz

SHA256 checksums:

4569e4fb5d09dc6a7b31663227c27e12011bb32f9edeee4d3ddca89bdec16407  openjdk-6-src-b40-22_aug_2016.tar.gz
70ac61635032e77cecf935b53b22a9545d5d0a7f55ad6a15dca9b84a2be993be  openjdk-6-src-b40-22_aug_2016.tar.xz

Changes since b39 (including both CPU fixes and upstreamed changes):
  - S4893408: JPEGReader throws IllegalArgException when setting the destination to BYTE_GRAY
  - S6496269: Many warnings generated from com/sun/java/util/jar/pack/*.cpp when compiled on Linux
  - S6522789: [zh_CN] translation of "enclosing class" in doclet is incorrect
  - S6563752: Build and test JDK7 with Sun Studio 12 Express compilers (prep makefiles)
  - S6575373: Error verifying signatures of pack200 files in some cases [TEST ONLY]
  - S6579775: l10n update after 6212566
  - S6600143: Remove another 450 unnecessary casts
  - S6611629: Avoid hardcoded cygwin paths for memory detection
  - S6631559: Registration of ImageIO plugins should not cause loading of jpeg.dlli and cmm.dll
  - S6690018: RSAClientKeyExchange NullPointerException
  - S6712743: pack200: should default to 150.7 pack format for classfiles without any classes.
  - S6714842: CertPathBuilder returns incorrect CertPath for BasicConstraints in builderParams
  - S6726309: Compiler warnings in nio code
  - S6727683: Cleanup use of COMPILER_WARNINGS_FATAL in makefiles
  - S6729772: 64-bit build with SS12 compiler: SIGSEGV (0xb) at pc=0x0000000000000048, pid=14826, tid=2
  - S6752638: java.awt.GraphicsEnvironment.preferLocaleFonts() throws NPE on Linux
  - S6755847: (launcher) will trigger assertions in debug build
  - S6791502: IIOException "Invalid icc profile" on jpeg after update from JDK5 to JDK6
  - S6793818: JpegImageReader is too greedy creating color profiles
  - S6799141: Build with --hash-style=both so that binaries can work on SuSE 10
  - S6816311: Changes to allow builds with latest Windows SDK 6.1 on 64bit Windows 2003
  - S6852744: PIT b61: PKI test suite fails because self signed certificates are being rejected
  - S6858127: Missing -DNDEBUG on Linux and Windows native code compiles
  - S6864028: Update the java launcher to use the new entry point JVM_FindClassFromBootLoader
  - S6875904: Java 7 message synchronization 1
  - S6882437: CertPath/X509CertPathDiscovery/Test fails on jdk7/pit/b62
  - S6888127: java.util.jar.Pack200.Packer Memory Leak
  - S6888215: memory leak in jpeg plugin
  - S6888925: SunMSCAPI's Cipher can't use RSA public keys obtained from other sources.
  - S6889552: Sun provider should not require LDAP CertStore to be present
  - S6941936: Broken pipe error of test case DNSIdentities.java
  - S6951599: Rename package of security tools for modularization
  - S6953295: Move few sun.security.{util, x509, pkcs} classes used by keytool/jarsigner to another package
  - S6958026: Problem with PKCS12 keystore
  - S6966737: (pack200) the pack200 regression tests need to be more robust.
  - S6974017: Upgrade required Solaris Studio compilers to 5.10 (12 update 1 + patches)
  - S6980281: SWAT: SwingSet2 got core dumped in Solaris-AMD64 using b107 swat build
  - S6982312: (pack200) pack200 fails with the jdk7 class files
  - S6985763: Pack200.Packer.pack(...) and Pack200.Unpacker.unpack(...) throw unspecified exceptions
  - S6989774: imageio compiler warnings in native code
  - S6990106: FindBugs scan - Malicious code vulnerability Warnings in com.sun.java.util.jar.pack.*
  - S6994413: JDK_GetVersionInfo0 only expects a two digit build number
  - S7000225: Sanity check on sane-alsa-headers is broken
  - S7000752: Duplicate entry in RowSetResourceBundles.properties
  - S7001094: Can't initialize SunPKCS11 more times than PKCS11 driver maxSessionCount
  - S7003227: (pack200) intermittent failures compiling pack200
  - S7004706: l10n of 7000752 Duplicate entry in RowSetResourceBundles.properties
  - S7006704: (pack200) add missing file for 6990106
  - S7011497: Improve trust anchor searching method during cert path validation
  - S7017734: jdk7 message drop 1 translation integration
  - S7023416: (pack200) fix parfait issues
  - S7029680: fix test/sun/misc/Version/Version.java build parsing
  - S7038175: Expired PKITS certificates causing CertPathBuilder and CertPathValidator regression test failures
  - S7038711: Fix CC_VER checks for compiler options, fix use of -Wno-clobber
  - S7050826: Hebrew characters are not rendered on OEL 5.6
  - S7055363: jdk_security3 test target cleanup
  - S7060849: Eliminate pack200 build warnings
  - S7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
  - S7069870: Parts of the JDK erroneously rely on generic array initializers with diamond
  - S7081817: test/sun/security/provider/certpath/X509CertPath/IllegalCertiticates.java failing
  - S7092825: javax.crypto.Cipher.Transform.patternCache is synchronizedMap and became scalability bottleneck.
  - S7105780: Add SSLSocket client/SSLEngine server to templates directory
  - S7107613: scalability blocker in javax.crypto.CryptoPermissions
  - S7107616: scalability blocker in javax.crypto.JceSecurityManager
  - S7109274: Restrict the use of certificates with RSA keys less than 1024 bits
  - S7129083: CookieManager does not store cookies if url is read before setting cookie manager
  - S7152582: PKCS11 tests should use the NSS libraries available in the OS
  - S7166955: (pack200) JNI_GetCreatedJavaVMs needs additional checking
  - S7196855: autotest.sh fails on ubuntu because libsoftokn.so not found
  - S7200682: TEST_BUG: keytool/autotest.sh still has problems with libsoftokn.so
  - S8002306: (se) Selector.open fails if invoked with thread interrupt status set [win]
  - S8009634: TEST_BUG: sun/misc/Version/Version.java handle 2 digit minor in VM version
  - S8010166: TEST_BUG: fix for 8009634 overlooks possible version strings (sun/misc/Version/Version.java)
  - S8013228: Create new system properties to control allowable OCSP clock skew and CRL connection timeout
  - S8019341: Update CookieHttpsClientTest to use the newer framework.
  - S8022228: Intermittent test failures in sun/security/ssl/javax/net/ssl/NewAPIs
  - S8022594: Potential deadlock in <clinit> of sun.nio.ch.Util/IOUtil
  - S8023546: sun/security/mscapi/ShortRSAKey1024.sh fails intermittently
  - S8026794: Test tools/pack200/TimeStamp.java fails while opening golden.jar.native.IST on linux-ppc(v2)
  - S8027026: Change keytool -genkeypair to use -keyalg RSA
  - S8029177: [Parfait] warnings from b117 for jdk.src.share.native.com.sun.java.util.jar: JNI exception pending
  - S8029646: [pack200] should support the new zip64 format.
  - S8036612: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/mscapi/security.cpp
  - S8037557: test SessionCacheSizeTests.java timeout
  - S8074839: Resolve disabled warnings for libunpack and the unpack200 binary
  - S8079410: Hotspot version to share the same update and build version from JDK
  - S8079718: IIOP Input Stream Hooking
  - S8130735: javax.swing.TimerQueue: timer fires late when another timer starts
  - S8139436: sun.security.mscapi.KeyStore might load incomplete data
  - S8140344: add support for 3 digit update release numbers
  - S8144313: Test SessionTimeOutTests can be timeout
  - S8145017: Add support for 3 digit hotspot minor version numbers
  - S8145446: Perfect pipe placement
  - S8146387: Test SSLSession/SessionCacheSizeTests socket accept timed out
  - S8146669: Test SessionTimeOutTests fails intermittently
  - S8146993: Several javax/management/remote/mandatory regression tests fail after JDK-8138811
  - S8147771: Construction of static protection domains under Javax custom policy
  - S8147857: [TEST] RMIConnector logs attribute names incorrectly
  - S8148872: Complete name checking
  - S8149962: Better delineation of XML processing
  - S8150752: Share Class Data
  - S8151841: Build needs additional flags to compile with GCC 6
  - S8151876: (tz) Support tzdata2016d
  - S8151925: Font reference improvements
  - S8152479: Coded byte streams
  - S8155981: Bolster bytecode verification
  - S8161262: Fix jdk build with gcc 4.1.2: -fno-strict-overflow not known.
  - S8162344: The API changes made by CR 7064075 need to be reverted
  - S8162818: Sync src/share/native/com/sun/media code with OpenJDK 7
  - S8162828: Sync imageioJPEG.c with initial OpenJDK 7 version
  - S8163022: Remove @Override annotation on interfaces added by 2016/04 security fixes
  - S8164181: Remove @Override annotation on interfaces added by 2016/07 security fixes
  - S8164426: Normalise whitespace in src/share/classes/com/sun/java/util/jar/pack
  - S8164554: test/sun/security/provider/certpath/X509CertPath/IllegalCertiticates.java still failing
  - S8164555: pack200: Leave ZipFile open on exceptions

Webrevs for the new changes:
 
http://cr.openjdk.java.net/~andrew/openjdk6/20160719/root/
http://cr.openjdk.java.net/~andrew/openjdk6/20160719/corba/
http://cr.openjdk.java.net/~andrew/openjdk6/20160719/jaxp/
http://cr.openjdk.java.net/~andrew/openjdk6/20160719/jaxws/
http://cr.openjdk.java.net/~andrew/openjdk6/20160719/hotspot/
http://cr.openjdk.java.net/~andrew/openjdk6/20160719/jdk/
http://cr.openjdk.java.net/~andrew/openjdk6/20160719/langtools/

Ok to push?

Thanks,
-- 
Andrew :)

Senior Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

PGP Key: ed25519/35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222



