[PATCH] jdk7u171-b02 security patch review

Andrew Hughes gnu.andrew at redhat.com
Tue Mar 20 05:05:03 UTC 2018


On 15 February 2018 at 21:43, Andrew Hughes <gnu.andrew at redhat.com> wrote:
> 8u161 was released in mid-January and we've backported appropriate
> changes to OpenJDK 7 to create OpenJDK 7 u171.
>
> Unlike with previous releases, I'm posting these changes first, while
> we are still doing release testing on them. This gives time for others
> to test these changes and propose any further fixes for the release.
> I'll post separately when our testing is successful and we plan to
> produce the release.
>
> The changes from u161-b01 to u171-b02 are as follows:
>
> u171-b00:
>   - S7043064: sun/java2d/cmm/ tests failed against RI b141 & b138-nightly
>   - S7051394: NullPointerException when running regression tests
> LoadProfileTest by using openjdk-7-b144
>   - S7124245: [lcms] ColorConvertOp to color space CS_GRAY apparently
> converts orange to 244,244,0
>   - S7171982: Cipher getParameters() throws RuntimeException: Cannot
> find SunJCE provider
>   - S7172652: With JDK 1.7 text field does not obtain focus when using
> mnemonic Alt/Key combin
>   - S8005402: Need to provide benchmarks for color management
>   - S8005530: [lcms] Improve performance of ColorConverOp for default
> destinations
>   - S8005930: [lcms] ColorConvertOp: Alpha channel is not transferred
> from source to destination.
>   - S8007607: security native code doesn't always use malloc, realloc,
> and calloc correctly
>   - S8013430: REGRESSION:
> closed/java/awt/color/ICC_Profile/LoadProfileTest/LoadProfileTest.java
> fails with java.io.StreamCorruptedException: invalid type code: EE
> since 8b87
>   - S8014307: Memory leak ... security/jgss/wrapper/GSSLibStub.c
>   - S8022532: [parfait] Potential memory leak in gtk2_interface.c
>   - S8024511: Crash during color profile destruction
>   - S8025429: [parfait] warnings from b107 for sun.java2d.cmm: JNI
> exception pending
>   - S8026702: Fix for 8025429 breaks jdk build on windows
>   - S8026780: Crash on PPC and PPC v2 for Java_awt test suit
>   - S8031003: [Parfait] warnings from
> jdk/src/share/native/sun/security/jgss/wrapper: JNI exception pending
>   - S8035105: DNS provider cleanups
>   - S8041781: Need new regression tests for PBE keys
>   - S8041787: Need new regressions tests for buffer handling for PBE algorithms
>   - S8044193: Need to add known answer tests for AES cipher
>   - S8047066: Test test/sun/awt/image/bug8038000.java fails with
> ClassCastException
>   - S8048601: Tests for JCE crypto ciphers (part 1)
>   - S8048819: Implement reliability test for DH algorithm
>   - S8072452: Support DHE sizes up to 8192-bits and DSA sizes up to 3072-bits
>   - S8075286: Additional tests for signature algorithm OIDs and
> transformation string
>   - S8078628: linux-zero does not build without precompiled headers
>   - S8137255: sun/security/provider/NSASuiteB/TestDSAGenParameterSpec.java
> timeouts intermittently
>   - S8141243: Unexpected timezone returned after parsing a date
>   - S8144593: Suppress not recognized property/feature warning
> messages from SAXParser
>   - S8147969: Print size of DH keysize when errors are encountered
>   - S8148108: Disable Diffie-Hellman keys less than 1024 bits
>   - S8148421: Transport Layer Security (TLS) Session Hash and Extended
> Master Secret Extension
>   - S8154344: sun/security/pkcs11/KeyAgreement/SupportedDHKeys.java
> fails on solaris
>   - S8156502: Use short name of SupportedEllipticCurvesExtension.java
>   - S8157548: JVM crashes sometimes while starting
>   - S8157603: TestCipher.java doesn't check one of the decrypted
> message as expected
>   - S8158116: com/sun/crypto/provider/KeyAgreement/SupportedDHParamGens.java
> failed with timeout
>   - S8159240: XSOM parser incorrectly processes type names with whitespaces
>   - S8160104: CORBA communication improvements
>   - S8163237: Restrict the use of EXPORT cipher suites
>   - S8163958: Improved garbage collection [test case]
>   - S8166248: tools/pack200/Pack200Test.java fails on Win32: Could not
> reserve enough space
>   - S8166362: [TEST_BUG] test
> sun/net/www/http/HttpClient/B8025710.java failing with cert error in
> 8u121 b01
>   - S8170157: Enable unlimited cryptographic policy by default in OracleJDK
>   - S8170245: [TEST_BUG] Cipher tests fail when running with unlimited policy
>   - S8170536: Uninitialised memory in set_uintx_flag of attachListener.cpp
>   - S8172525: Improve key keying case
>   - S8174756: Extra validation for public keys
>   - S8175932: Improve host instance supports
>   - S8176458: Revise default document styling
>   - S8177144: [TEST BUG] sun/net/www/http/HttpClient/B8025710.java
> should run in ovm mode
>   - S8178449: Improve LDAP logins
>   - S8178458: Better use of certificates in LDAP
>   - S8178466: Better RSA parameters
>   - S8178728: Check the AlgorithmParameters in algorithm constraints
>   - S8179990: Cleaner palette entry handling
>   - S8180011: Cleaner native graphics device handling
>   - S8180015: Cleaner AWT robot handling
>   - S8180020: Improve SymbolHashMap entry handling
>   - S8180048: Interned string and symbol table leak memory during
> parallel unlinking
>   - S8180433: Cleaner CLR invocation handling
>   - S8180877: More deeply colored ICC spaces
>   - S8181664: Improve JVM UTF String handling
>   - S8181670: Improve implementation of keystores
>   - S8182125: Improve reliability of DNS lookups
>   - S8182387: Improve PKCS usage
>   - S8182601: Improve usage messages
>   - S8184016: Text in native popup is not always updated with Sogou IME
>   - S8185292: Stricter key generation
>   - S8185325: Improve GTK initialization
>   - S8185628: Backport jdk/test/lib/testlibrary/CompilerUtils.java to
> jdk8u which is helpful in test development
>   - S8185719: rmi TestSocketFactory does not flush
>   - S8185909: Disable JARs signed with DSA keys less than 1024 bits
>   - S8186080: Transform XML interfaces
>   - S8186212: Improve GSS handling
>   - S8186539: [testlibrary] TestSocketFactory should allow triggers
> before match/replace
>   - S8186600: Improve property negotiations
>   - S8186606: Improve LDAP lookup robustness
>   - S8186867: Improve native glyph layouts
>   - S8186998: Improve JMX supportive features
>   - S8187667: Disable deprecation warning for readdir_r
>   - S8188880: A JAXB JCK test failure found after 8186080
>   - S8189284: More refactoring for deserialization cases
>   - S8190258: (tz) Support tzdata2017c
>   - S8190259: test tck.java.time.zone.TCKZoneRules is broken by tzdata2017c
>   - S8190266: closed/java/awt/ComponentOrientation/WindowTest.java
> throws java.util.MissingResourceException.
>   - S8190289: More refactoring for client deserialization cases
>   - S8190449: sun/security/pkcs11/KeyPairGenerator/TestDH2048.java
> fails on Solaris x64 5.10
>   - S8190497: DHParameterSpec.getL() returns zero after JDK-8072452
>   - S8190541: 8u161 L10n resource file update
>   - S8190789: sun/security/provider/certpath/LDAPCertStore/TestURICertStoreParameters.java
> fails after JDK-8186606
>   - S8191142: More refactoring for naming deserialization cases
>   - S8192793: 8u161 L10n resource file update md20
>   - S8193683: Increase the number of clones in the CloneableDigest
>   - S8194859: Bad backport of 8024468 breaks Zero build due to lack of
> 8010862 in OpenJDK 7
>   - S8195837: (tz) Upgrade time-zone data to tzdata2018c
> u171-b01:
>   - S8007772: G1: assert(!hr->isHumongous() || mr.start() ==
> hr->bottom()) failed: the start of HeapRegion and MemRegion should be
> consistent for humongous regions
>   - S8022956: Clang: enable return type warnings on BSD
>   - S8025613: clang: remove -Wno-unused-value
>   - S8043029: Change 8037816 breaks HS build with older GCC versions
> which don't support diagnostic pragmas
>   - S8048169: Change 8037816 breaks HS build on PPC64 and
> CPP-Interpreter platforms
>   - S8062808: Turn on the -Wreturn-type warning
>   - S8064786: Fix debug build after 8062808: Turn on the -Wreturn-type warning
>   - S8143245: Zero build requires disabled warnings
>   - S8196952: Bad primeCertainty value setting in DSAParameterGenerator
>   - S8196978: JDK-8187667 fails on GCC 4.4.7 as found on RHEL 6
>   - S8197510: fastdebug builds fail due to lack of p2i
>   - S8197801: Zero debug build fails on
> "assert(labs(istate->_stack_base - istate->_stack_limit) ==
> (istate->_method->max_stack() + extra_stack_entries + 1)) failed: bad
> stack limit"
> u171-b02:
>   - S8197981: Missing return statement in __sync_val_compare_and_swap_8
>
> Webrevs for the new changes:
>
> http://cr.openjdk.java.net/~andrew/openjdk7/20180116/root/
> http://cr.openjdk.java.net/~andrew/openjdk7/20180116/corba/
> http://cr.openjdk.java.net/~andrew/openjdk7/20180116/jaxp/
> http://cr.openjdk.java.net/~andrew/openjdk7/20180116/jaxws/
> http://cr.openjdk.java.net/~andrew/openjdk7/20180116/hotspot/
> http://cr.openjdk.java.net/~andrew/openjdk7/20180116/jdk/
> http://cr.openjdk.java.net/~andrew/openjdk7/20180116/langtools/
>
> Ok to push?
>
> Thanks,
> --
> Andrew :)
>
> Senior Free Java Software Engineer
> Red Hat, Inc. (http://www.redhat.com)
>
> Web Site: http://fuseyism.com
> Twitter: https://twitter.com/gnu_andrew_java
> PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
> Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222

Ping? This was over a month ago now.

IcedTea 2.6.13 [0] was released on the 28th of February, based on u171-b02,
so I now intend to release that version once pushed.

[0] http://bitly.com/it20613

Thanks,
-- 
Andrew :)

Senior Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

Web Site: http://fuseyism.com
Twitter: https://twitter.com/gnu_andrew_java
PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222

