[PATCH] jdk7u171-b02 security patch review

Andrew Hughes gnu.andrew at redhat.com
Thu Feb 15 21:43:11 UTC 2018


8u161 was released in mid-January and we've backported appropriate
changes to OpenJDK 7 to create OpenJDK 7 u171.

Unlike with previous releases, I'm posting these changes first, while
we are still doing release testing on them. This gives time for others
to test these changes and propose any further fixes for the release.
I'll post separately when our testing is successful and we plan to
produce the release.

The changes from u161-b01 to u171-b02 are as follows:

u171-b00:
  - S7043064: sun/java2d/cmm/ tests failed against RI b141 & b138-nightly
  - S7051394: NullPointerException when running regression tests
LoadProfileTest by using openjdk-7-b144
  - S7124245: [lcms] ColorConvertOp to color space CS_GRAY apparently
converts orange to 244,244,0
  - S7171982: Cipher getParameters() throws RuntimeException: Cannot
find SunJCE provider
  - S7172652: With JDK 1.7 text field does not obtain focus when using
mnemonic Alt/Key combin
  - S8005402: Need to provide benchmarks for color management
  - S8005530: [lcms] Improve performance of ColorConverOp for default
destinations
  - S8005930: [lcms] ColorConvertOp: Alpha channel is not transferred
from source to destination.
  - S8007607: security native code doesn't always use malloc, realloc,
and calloc correctly
  - S8013430: REGRESSION:
closed/java/awt/color/ICC_Profile/LoadProfileTest/LoadProfileTest.java
fails with java.io.StreamCorruptedException: invalid type code: EE
since 8b87
  - S8014307: Memory leak ... security/jgss/wrapper/GSSLibStub.c
  - S8022532: [parfait] Potential memory leak in gtk2_interface.c
  - S8024511: Crash during color profile destruction
  - S8025429: [parfait] warnings from b107 for sun.java2d.cmm: JNI
exception pending
  - S8026702: Fix for 8025429 breaks jdk build on windows
  - S8026780: Crash on PPC and PPC v2 for Java_awt test suit
  - S8031003: [Parfait] warnings from
jdk/src/share/native/sun/security/jgss/wrapper: JNI exception pending
  - S8035105: DNS provider cleanups
  - S8041781: Need new regression tests for PBE keys
  - S8041787: Need new regressions tests for buffer handling for PBE algorithms
  - S8044193: Need to add known answer tests for AES cipher
  - S8047066: Test test/sun/awt/image/bug8038000.java fails with
ClassCastException
  - S8048601: Tests for JCE crypto ciphers (part 1)
  - S8048819: Implement reliability test for DH algorithm
  - S8072452: Support DHE sizes up to 8192-bits and DSA sizes up to 3072-bits
  - S8075286: Additional tests for signature algorithm OIDs and
transformation string
  - S8078628: linux-zero does not build without precompiled headers
  - S8137255: sun/security/provider/NSASuiteB/TestDSAGenParameterSpec.java
timeouts intermittently
  - S8141243: Unexpected timezone returned after parsing a date
  - S8144593: Suppress not recognized property/feature warning
messages from SAXParser
  - S8147969: Print size of DH keysize when errors are encountered
  - S8148108: Disable Diffie-Hellman keys less than 1024 bits
  - S8148421: Transport Layer Security (TLS) Session Hash and Extended
Master Secret Extension
  - S8154344: sun/security/pkcs11/KeyAgreement/SupportedDHKeys.java
fails on solaris
  - S8156502: Use short name of SupportedEllipticCurvesExtension.java
  - S8157548: JVM crashes sometimes while starting
  - S8157603: TestCipher.java doesn't check one of the decrypted
message as expected
  - S8158116: com/sun/crypto/provider/KeyAgreement/SupportedDHParamGens.java
failed with timeout
  - S8159240: XSOM parser incorrectly processes type names with whitespaces
  - S8160104: CORBA communication improvements
  - S8163237: Restrict the use of EXPORT cipher suites
  - S8163958: Improved garbage collection [test case]
  - S8166248: tools/pack200/Pack200Test.java fails on Win32: Could not
reserve enough space
  - S8166362: [TEST_BUG] test
sun/net/www/http/HttpClient/B8025710.java failing with cert error in
8u121 b01
  - S8170157: Enable unlimited cryptographic policy by default in OracleJDK
  - S8170245: [TEST_BUG] Cipher tests fail when running with unlimited policy
  - S8170536: Uninitialised memory in set_uintx_flag of attachListener.cpp
  - S8172525: Improve key keying case
  - S8174756: Extra validation for public keys
  - S8175932: Improve host instance supports
  - S8176458: Revise default document styling
  - S8177144: [TEST BUG] sun/net/www/http/HttpClient/B8025710.java
should run in ovm mode
  - S8178449: Improve LDAP logins
  - S8178458: Better use of certificates in LDAP
  - S8178466: Better RSA parameters
  - S8178728: Check the AlgorithmParameters in algorithm constraints
  - S8179990: Cleaner palette entry handling
  - S8180011: Cleaner native graphics device handling
  - S8180015: Cleaner AWT robot handling
  - S8180020: Improve SymbolHashMap entry handling
  - S8180048: Interned string and symbol table leak memory during
parallel unlinking
  - S8180433: Cleaner CLR invocation handling
  - S8180877: More deeply colored ICC spaces
  - S8181664: Improve JVM UTF String handling
  - S8181670: Improve implementation of keystores
  - S8182125: Improve reliability of DNS lookups
  - S8182387: Improve PKCS usage
  - S8182601: Improve usage messages
  - S8184016: Text in native popup is not always updated with Sogou IME
  - S8185292: Stricter key generation
  - S8185325: Improve GTK initialization
  - S8185628: Backport jdk/test/lib/testlibrary/CompilerUtils.java to
jdk8u which is helpful in test development
  - S8185719: rmi TestSocketFactory does not flush
  - S8185909: Disable JARs signed with DSA keys less than 1024 bits
  - S8186080: Transform XML interfaces
  - S8186212: Improve GSS handling
  - S8186539: [testlibrary] TestSocketFactory should allow triggers
before match/replace
  - S8186600: Improve property negotiations
  - S8186606: Improve LDAP lookup robustness
  - S8186867: Improve native glyph layouts
  - S8186998: Improve JMX supportive features
  - S8187667: Disable deprecation warning for readdir_r
  - S8188880: A JAXB JCK test failure found after 8186080
  - S8189284: More refactoring for deserialization cases
  - S8190258: (tz) Support tzdata2017c
  - S8190259: test tck.java.time.zone.TCKZoneRules is broken by tzdata2017c
  - S8190266: closed/java/awt/ComponentOrientation/WindowTest.java
throws java.util.MissingResourceException.
  - S8190289: More refactoring for client deserialization cases
  - S8190449: sun/security/pkcs11/KeyPairGenerator/TestDH2048.java
fails on Solaris x64 5.10
  - S8190497: DHParameterSpec.getL() returns zero after JDK-8072452
  - S8190541: 8u161 L10n resource file update
  - S8190789: sun/security/provider/certpath/LDAPCertStore/TestURICertStoreParameters.java
fails after JDK-8186606
  - S8191142: More refactoring for naming deserialization cases
  - S8192793: 8u161 L10n resource file update md20
  - S8193683: Increase the number of clones in the CloneableDigest
  - S8194859: Bad backport of 8024468 breaks Zero build due to lack of
8010862 in OpenJDK 7
  - S8195837: (tz) Upgrade time-zone data to tzdata2018c
u171-b01:
  - S8007772: G1: assert(!hr->isHumongous() || mr.start() ==
hr->bottom()) failed: the start of HeapRegion and MemRegion should be
consistent for humongous regions
  - S8022956: Clang: enable return type warnings on BSD
  - S8025613: clang: remove -Wno-unused-value
  - S8043029: Change 8037816 breaks HS build with older GCC versions
which don't support diagnostic pragmas
  - S8048169: Change 8037816 breaks HS build on PPC64 and
CPP-Interpreter platforms
  - S8062808: Turn on the -Wreturn-type warning
  - S8064786: Fix debug build after 8062808: Turn on the -Wreturn-type warning
  - S8143245: Zero build requires disabled warnings
  - S8196952: Bad primeCertainty value setting in DSAParameterGenerator
  - S8196978: JDK-8187667 fails on GCC 4.4.7 as found on RHEL 6
  - S8197510: fastdebug builds fail due to lack of p2i
  - S8197801: Zero debug build fails on
"assert(labs(istate->_stack_base - istate->_stack_limit) ==
(istate->_method->max_stack() + extra_stack_entries + 1)) failed: bad
stack limit"
u171-b02:
  - S8197981: Missing return statement in __sync_val_compare_and_swap_8

Webrevs for the new changes:

http://cr.openjdk.java.net/~andrew/openjdk7/20180116/root/
http://cr.openjdk.java.net/~andrew/openjdk7/20180116/corba/
http://cr.openjdk.java.net/~andrew/openjdk7/20180116/jaxp/
http://cr.openjdk.java.net/~andrew/openjdk7/20180116/jaxws/
http://cr.openjdk.java.net/~andrew/openjdk7/20180116/hotspot/
http://cr.openjdk.java.net/~andrew/openjdk7/20180116/jdk/
http://cr.openjdk.java.net/~andrew/openjdk7/20180116/langtools/

Ok to push?

Thanks,
-- 
Andrew :)

Senior Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

Web Site: http://fuseyism.com
Twitter: https://twitter.com/gnu_andrew_java
PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222

