[PATCH] jdk7u91-b01 retro-active security patch review
Andrew Hughes
gnu.andrew at redhat.com
Wed Oct 28 21:32:13 UTC 2015

We have a new release of IcedTea [0] and a new OpenJDK 7 release, u91-b01,
to go with it. This is made from the current state of the OpenJDK 7u
repositories plus backports of the new security fixes included in 8u65.
Release tarballs for u91-b01 will follow.

Changes since u85-b02:
* Security fixes
- S8048030, CVE-2015-4734: Expectations should be consistent
- S8068842, CVE-2015-4803: Better JAXP data handling
- S8076339, CVE-2015-4903: Better handling of remote object invocation
- S8076383, CVE-2015-4835: Better CORBA exception handling
- S8076387, CVE-2015-4882: Better CORBA value handling
- S8076392, CVE-2015-4881: Improve IIOPInputStream consistency
- S8076413, CVE-2015-4883: Better JRMP message handling
- S8078427, CVE-2015-4842: More supportive home environment
- S8078440: Safer managed types
- S8080541: More direct property handling
- S8080688, CVE-2015-4860: Service for DGC services
- S8081760: Better group dynamics
- S8086092, CVE-2015-4840: More palette improvements
- S8086733, CVE-2015-4893: Improve namespace handling
- S8087350: Improve array conversions
- S8103671, CVE-2015-4805: More objective stream classes
- S8103675: Better Binary searches
- S8130078, CVE-2015-4911: Document better processing
- S8130193, CVE-2015-4806: Improve HTTP connections
- S8130864: Better server identity handling
- S8130891, CVE-2015-4843: (bf) More direct buffering
- S8131291, CVE-2015-4872: Perfect parameter patterning
- S8132042, CVE-2015-4844: Preserve layout presentation
* Other changes in OpenJDK 7 u91 build 0
- S6854417: TESTBUG: java/util/regex/RegExTest.java fails intermittently
- S6966259: Make PrincipalName and Realm immutable
- S8005226: java/rmi/transport/pinClientSocketFactory/PinClientSocketFactory.java fails intermittently
- S8014097: add doPrivileged methods with limited privilege scope
- S8021191: Add isAuthorized check to limited doPrivileged methods
- S8028780: JDK KRB5 module throws OutOfMemoryError when CCache is corrupt
- S8064331: JavaSecurityAccess.doIntersectionPrivilege() drops the information about the domain combiner of the stack ACC
- S8076506: Increment minor version of HSx for 7u91 and initialize the build number
- S8078822: 8068842 fix missed one new file PrimeNumberSequenceGenerator.java
- S8079323: Serialization compatibility for Templates: need to exclude Hashtable from serialization
- S8087118: Remove missing package from java.security files
- S8098547: (tz) Support tzdata2015e
- S8130253: ObjectStreamClass.getFields too restrictive
- S8133321: (tz) Support tzdata2015f
- S8135043: ObjectStreamClass.getField(String) too restrictive
* Changes in OpenJDK 7 u91 build 1
- S8072932: Test fails with java.security.AccessControlException: access denied ("java.security.SecurityPermission" "getDomainCombiner")

Webrevs for the new changes:

http://cr.openjdk.java.net/~andrew/openjdk7/20151020/root/
http://cr.openjdk.java.net/~andrew/openjdk7/20151020/corba/
http://cr.openjdk.java.net/~andrew/openjdk7/20151020/jaxp/
http://cr.openjdk.java.net/~andrew/openjdk7/20151020/jaxws/
http://cr.openjdk.java.net/~andrew/openjdk7/20151020/hotspot/
http://cr.openjdk.java.net/~andrew/openjdk7/20151020/jdk/
http://cr.openjdk.java.net/~andrew/openjdk7/20151020/langtools/

Once approved, I'll push these to the OpenJDK 7u repository.

[0] http://bitly.com/it20602

Thanks,
--
Andrew :)
Senior Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)
PGP Key: ed25519/35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222
PGP Key: rsa4096/248BDC07 (hkp://keys.gnupg.net)
Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07