[PATCH] jdk6-b44 retro-active security patch review

Dmitry Cherepanov dcherepanov at azul.com
Thu Aug 31 17:56:41 UTC 2017


Looks good to me.

Thanks,

Dmitry

> On Aug 30, 2017, at 6:04 PM, Andrew Brygin <abrygin at azul.com> wrote:
> 
> Hello,
> 
> Here’s a backport of the security fixes included in 8u141 to OpenJDK 6.
> 
> Changes since jdk6-b43
> 
> * Security fixes: 
> 
> 8175106, CVE-2017-10115: Higher quality DSA operations
> 8174098, CVE-2017-10110: Better image fetching
> 8176067, CVE-2017-10116: Proper directory lookup processing
> 8174113, CVE-2017-10109: Better sourcing of code
> 8169209, CVE-2017-10053: Improved image post-processing steps
> 8173697, CVE-2017-10107: Less Active Activations
> 8163958, CVE-2017-10102: Improved garbage collection
> 8172204, CVE-2017-10087: Better Thread Pool execution
> 8173770, CVE-2017-10074: Image conversion improvements
> 8173286, CVE-2017-10101: Better reading of text catalogs
> 8170966, CVE-2017-10081: Right parenthesis issue
> 8176760, CVE-2017-10135: Better handling of PKCS8 material
> 8174105, CVE-2017-10108: Better naming attribution
> 8169392, CVE-2017-10067: Additional jar validation steps
> 8172469, CVE-2017-10096: Transform Transformer Exceptions
> 8172461, CVE-2017-10089: Service Registration Lifecycle
> 
> * Defense-in-depth fixes:
> 
> 8167228: Update to libpng 1.6.28
> 8174770: Check registry registration location
> 8174873: Improved certificate processing
> 8176055: JMX diagnostic improvements
> 
> * Other fixes:
> 
> 8149450: LdapCtx.processReturnCode() throwing Null Pointer Exception
> 8143377: Test PKCS8Test.java fails
> 8175251: Failed to load RSA private key from pkcs12
> 8176769: Remove accidental spec change in jdk8u
> 8180582: The bind to rmiregistry is rejected by registryFilter even though registryFilter is set
> 8155690: Update libPNG library to the latest up-to-date
> 8030787: [Parfait] JNI-related warnings from b119 for jdk/src/share/native/sun/awt/image
> 8037287: Windows build failed after JDK-8030787
> 8162461: Hang due to JNI up-call made whilst holding JNI critical lock
> 8177449: (tz) Support tzdata2017b
> 8013434: Xalan and Xerces internal ObjectFactory need rework
> 8176731: JCK tests in api/javax_xml/transform/ spec conformance started failing after 8172469
> 8182054: Improve wsdl support
> 8181591: 8u141 L10n resource file update
> 6945961: SIGSEGV in memcpy() during class loading on linux-i586
> 
> 
> Fixes listed below have not been backported in jdk6-b44 due to time constraints.
> These changes will be included in later updates of jdk6.
> 
> 8176536: Improved algorithm constraints checking
> 8179998: Clear certificate chain connections
> 8179101: Improve algorithm constraints implementation
> 
> Webrevs for the changes:
> 
> http://cr.openjdk.java.net/~bae/openjdk6/July_2017/webrevs/root/webrev/
> http://cr.openjdk.java.net/~bae/openjdk6/July_2017/webrevs/corba/webrev/
> http://cr.openjdk.java.net/~bae/openjdk6/July_2017/webrevs/hotspot/webrev/
> http://cr.openjdk.java.net/~bae/openjdk6/July_2017/webrevs/jaxp/webrev/
> http://cr.openjdk.java.net/~bae/openjdk6/July_2017/webrevs/jaxws/webrev/
> http://cr.openjdk.java.net/~bae/openjdk6/July_2017/webrevs/jdk/webrev/
> http://cr.openjdk.java.net/~bae/openjdk6/July_2017/webrevs/langtools/webrev/
> 
> Please review.
> 
> Thanks,
> Andrew
> 



More information about the jdk6-dev mailing list