[PATCH] jdk6-b44 retro-active security patch review
Andrew Brygin
abrygin at azul.com
Fri Sep 1 06:33:13 UTC 2017
Thanks for the review. The changes have been pushed, and
a new tag jdk6-b44 has been added.
Thanks,
Andrew
> On Aug 31, 2017, at 8:56 PM, Dmitry Cherepanov <dcherepanov at azul.com> wrote:
>
> Looks good to me.
>
> Thanks,
>
> Dmitry
>
>> On Aug 30, 2017, at 6:04 PM, Andrew Brygin <abrygin at azul.com> wrote:
>>
>> Hello,
>>
>> Here’s a backport of the security fixes included in 8u141 to OpenJDK 6.
>>
>> Changes since jdk6-b43
>>
>> * Security fixes:
>>
>> 8175106, CVE-2017-10115: Higher quality DSA operations
>> 8174098, CVE-2017-10110: Better image fetching
>> 8176067, CVE-2017-10116: Proper directory lookup processing
>> 8174113, CVE-2017-10109: Better sourcing of code
>> 8169209, CVE-2017-10053: Improved image post-processing steps
>> 8173697, CVE-2017-10107: Less Active Activations
>> 8163958, CVE-2017-10102: Improved garbage collection
>> 8172204, CVE-2017-10087: Better Thread Pool execution
>> 8173770, CVE-2017-10074: Image conversion improvements
>> 8173286, CVE-2017-10101: Better reading of text catalogs
>> 8170966, CVE-2017-10081: Right parenthesis issue
>> 8176760, CVE-2017-10135: Better handling of PKCS8 material
>> 8174105, CVE-2017-10108: Better naming attribution
>> 8169392, CVE-2017-10067: Additional jar validation steps
>> 8172469, CVE-2017-10096: Transform Transformer Exceptions
>> 8172461, CVE-2017-10089: Service Registration Lifecycle
>>
>> * Defense-in-depth fixes:
>>
>> 8167228: Update to libpng 1.6.28
>> 8174770: Check registry registration location
>> 8174873: Improved certificate processing
>> 8176055: JMX diagnostic improvements
>>
>> * Other fixes:
>>
>> 8149450: LdapCtx.processReturnCode() throwing Null Pointer Exception
>> 8143377: Test PKCS8Test.java fails
>> 8175251: Failed to load RSA private key from pkcs12
>> 8176769: Remove accidental spec change in jdk8u
>> 8180582: The bind to rmiregistry is rejected by registryFilter even though registryFilter is set
>> 8155690: Update libPNG library to the latest up-to-date
>> 8030787: [Parfait] JNI-related warnings from b119 for jdk/src/share/native/sun/awt/image
>> 8037287: Windows build failed after JDK-8030787
>> 8162461: Hang due to JNI up-call made whilst holding JNI critical lock
>> 8177449: (tz) Support tzdata2017b
>> 8013434: Xalan and Xerces internal ObjectFactory need rework
>> 8176731: JCK tests in api/javax_xml/transform/ spec conformance started failing after 8172469
>> 8182054: Improve wsdl support
>> 8181591: 8u141 L10n resource file update
>> 6945961: SIGSEGV in memcpy() during class loading on linux-i586
>>
>>
>> Fixes listed below have not been backported in jdk6-b44 due to time constraints.
>> These changes will be included in later updates of jdk6.
>>
>> 8176536: Improved algorithm constraints checking
>> 8179998: Clear certificate chain connections
>> 8179101: Improve algorithm constraints implementation
>>
>> Webrevs for the changes:
>>
>> http://cr.openjdk.java.net/~bae/openjdk6/July_2017/webrevs/root/webrev/
>> http://cr.openjdk.java.net/~bae/openjdk6/July_2017/webrevs/corba/webrev/
>> http://cr.openjdk.java.net/~bae/openjdk6/July_2017/webrevs/hotspot/webrev/
>> http://cr.openjdk.java.net/~bae/openjdk6/July_2017/webrevs/jaxp/webrev/
>> http://cr.openjdk.java.net/~bae/openjdk6/July_2017/webrevs/jaxws/webrev/
>> http://cr.openjdk.java.net/~bae/openjdk6/July_2017/webrevs/jdk/webrev/
>> http://cr.openjdk.java.net/~bae/openjdk6/July_2017/webrevs/langtools/webrev/
>>
>> Please review.
>>
>> Thanks,
>> Andrew
>>
>