[PATCH] jdk6-b44 retro-active security patch review
Andrew Brygin
abrygin at azul.com
Wed Aug 30 15:04:44 UTC 2017
Hello,
Here’s a backport of security fixes included in 8u141 to OpenJDK 6.
Changes since jdk6-b43
* Security fixes:
8175106, CVE-2017-10115: Higher quality DSA operations
8174098, CVE-2017-10110: Better image fetching
8176067, CVE-2017-10116: Proper directory lookup processing
8174113, CVE-2017-10109: Better sourcing of code
8169209, CVE-2017-10053: Improved image post-processing steps
8173697, CVE-2017-10107: Less Active Activations
8163958, CVE-2017-10102: Improved garbage collection
8172204, CVE-2017-10087: Better Thread Pool execution
8173770, CVE-2017-10074: Image conversion improvements
8173286, CVE-2017-10101: Better reading of text catalogs
8170966, CVE-2017-10081: Right parenthesis issue
8176760, CVE-2017-10135: Better handling of PKCS8 material
8174105, CVE-2017-10108: Better naming attribution
8169392, CVE-2017-10067: Additional jar validation steps
8172469, CVE-2017-10096: Transform Transformer Exceptions
8172461, CVE-2017-10089: Service Registration Lifecycle
* Defense-in-depth fixes:
8167228: Update to libpng 1.6.28
8174770: Check registry registration location
8174873: Improved certificate processing
8176055: JMX diagnostic improvements
* Other fixes:
8149450: LdapCtx.processReturnCode() throwing Null Pointer Exception
8143377: Test PKCS8Test.java fails
8175251: Failed to load RSA private key from pkcs12
8176769: Remove accidental spec change in jdk8u
8180582: The bind to rmiregistry is rejected by registryFilter even though registryFilter is set
8155690: Update libPNG library to the latest up-to-date
8030787: [Parfait] JNI-related warnings from b119 for jdk/src/share/native/sun/awt/image
8037287: Windows build failed after JDK-8030787
8162461: Hang due to JNI up-call made whilst holding JNI critical lock
8177449: (tz) Support tzdata2017b
8013434: Xalan and Xerces internal ObjectFactory need rework
8176731: JCK tests in api/javax_xml/transform/ spec conformance started failing after 8172469
8182054: Improve wsdl support
8181591: 8u141 L10n resource file update
6945961: SIGSEGV in memcpy() during class loading on linux-i586
Fixes listed below have not been backported in jdk6-b44 due to time constraints.
These changes will be included in later updates of jdk6.
8176536: Improved algorithm constraints checking
8179998: Clear certificate chain connections
8179101: Improve algorithm constraints implementation
Webrevs for the changes:
http://cr.openjdk.java.net/~bae/openjdk6/July_2017/webrevs/root/webrev/
http://cr.openjdk.java.net/~bae/openjdk6/July_2017/webrevs/corba/webrev/
http://cr.openjdk.java.net/~bae/openjdk6/July_2017/webrevs/hotspot/webrev/
http://cr.openjdk.java.net/~bae/openjdk6/July_2017/webrevs/jaxp/webrev/
http://cr.openjdk.java.net/~bae/openjdk6/July_2017/webrevs/jaxws/webrev/
http://cr.openjdk.java.net/~bae/openjdk6/July_2017/webrevs/jdk/webrev/
http://cr.openjdk.java.net/~bae/openjdk6/July_2017/webrevs/langtools/webrev/
Please review.
Thanks,
Andrew