[PATCH] jdk7u171-b02 security patch review
Andrew Brygin
abrygin at azul.com
Tue Mar 20 11:04:25 UTC 2018
Hello Andrew,
the changes look good to me.
Thanks,
Andrew
> On Mar 20, 2018, at 8:05 AM, Andrew Hughes <gnu.andrew at redhat.com> wrote:
>
> On 15 February 2018 at 21:43, Andrew Hughes <gnu.andrew at redhat.com> wrote:
>> 8u161 was released in mid-January and we've backported appropriate
>> changes to OpenJDK 7 to create OpenJDK 7 u171.
>>
>> Unlike with previous releases, I'm posting these changes first, while
>> we are still doing release testing on them. This gives time for others
>> to test these changes and propose any further fixes for the release.
>> I'll post separately when our testing is successful and we plan to
>> produce the release.
>>
>> The changes from u161-b01 to u171-b02 are as follows:
>>
>> u171-b00:
>> - S7043064: sun/java2d/cmm/ tests failed against RI b141 & b138-nightly
>> - S7051394: NullPointerException when running regression tests
>> LoadProfileTest by using openjdk-7-b144
>> - S7124245: [lcms] ColorConvertOp to color space CS_GRAY apparently
>> converts orange to 244,244,0
>> - S7171982: Cipher getParameters() throws RuntimeException: Cannot
>> find SunJCE provider
>> - S7172652: With JDK 1.7 text field does not obtain focus when using
>> mnemonic Alt/Key combin
>> - S8005402: Need to provide benchmarks for color management
>> - S8005530: [lcms] Improve performance of ColorConverOp for default
>> destinations
>> - S8005930: [lcms] ColorConvertOp: Alpha channel is not transferred
>> from source to destination.
>> - S8007607: security native code doesn't always use malloc, realloc,
>> and calloc correctly
>> - S8013430: REGRESSION:
>> closed/java/awt/color/ICC_Profile/LoadProfileTest/LoadProfileTest.java
>> fails with java.io.StreamCorruptedException: invalid type code: EE
>> since 8b87
>> - S8014307: Memory leak ... security/jgss/wrapper/GSSLibStub.c
>> - S8022532: [parfait] Potential memory leak in gtk2_interface.c
>> - S8024511: Crash during color profile destruction
>> - S8025429: [parfait] warnings from b107 for sun.java2d.cmm: JNI
>> exception pending
>> - S8026702: Fix for 8025429 breaks jdk build on windows
>> - S8026780: Crash on PPC and PPC v2 for Java_awt test suit
>> - S8031003: [Parfait] warnings from
>> jdk/src/share/native/sun/security/jgss/wrapper: JNI exception pending
>> - S8035105: DNS provider cleanups
>> - S8041781: Need new regression tests for PBE keys
>> - S8041787: Need new regressions tests for buffer handling for PBE algorithms
>> - S8044193: Need to add known answer tests for AES cipher
>> - S8047066: Test test/sun/awt/image/bug8038000.java fails with
>> ClassCastException
>> - S8048601: Tests for JCE crypto ciphers (part 1)
>> - S8048819: Implement reliability test for DH algorithm
>> - S8072452: Support DHE sizes up to 8192-bits and DSA sizes up to 3072-bits
>> - S8075286: Additional tests for signature algorithm OIDs and
>> transformation string
>> - S8078628: linux-zero does not build without precompiled headers
>> - S8137255: sun/security/provider/NSASuiteB/TestDSAGenParameterSpec.java
>> timeouts intermittently
>> - S8141243: Unexpected timezone returned after parsing a date
>> - S8144593: Suppress not recognized property/feature warning
>> messages from SAXParser
>> - S8147969: Print size of DH keysize when errors are encountered
>> - S8148108: Disable Diffie-Hellman keys less than 1024 bits
>> - S8148421: Transport Layer Security (TLS) Session Hash and Extended
>> Master Secret Extension
>> - S8154344: sun/security/pkcs11/KeyAgreement/SupportedDHKeys.java
>> fails on solaris
>> - S8156502: Use short name of SupportedEllipticCurvesExtension.java
>> - S8157548: JVM crashes sometimes while starting
>> - S8157603: TestCipher.java doesn't check one of the decrypted
>> message as expected
>> - S8158116: com/sun/crypto/provider/KeyAgreement/SupportedDHParamGens.java
>> failed with timeout
>> - S8159240: XSOM parser incorrectly processes type names with whitespaces
>> - S8160104: CORBA communication improvements
>> - S8163237: Restrict the use of EXPORT cipher suites
>> - S8163958: Improved garbage collection [test case]
>> - S8166248: tools/pack200/Pack200Test.java fails on Win32: Could not
>> reserve enough space
>> - S8166362: [TEST_BUG] test
>> sun/net/www/http/HttpClient/B8025710.java failing with cert error in
>> 8u121 b01
>> - S8170157: Enable unlimited cryptographic policy by default in OracleJDK
>> - S8170245: [TEST_BUG] Cipher tests fail when running with unlimited policy
>> - S8170536: Uninitialised memory in set_uintx_flag of attachListener.cpp
>> - S8172525: Improve key keying case
>> - S8174756: Extra validation for public keys
>> - S8175932: Improve host instance supports
>> - S8176458: Revise default document styling
>> - S8177144: [TEST BUG] sun/net/www/http/HttpClient/B8025710.java
>> should run in ovm mode
>> - S8178449: Improve LDAP logins
>> - S8178458: Better use of certificates in LDAP
>> - S8178466: Better RSA parameters
>> - S8178728: Check the AlgorithmParameters in algorithm constraints
>> - S8179990: Cleaner palette entry handling
>> - S8180011: Cleaner native graphics device handling
>> - S8180015: Cleaner AWT robot handling
>> - S8180020: Improve SymbolHashMap entry handling
>> - S8180048: Interned string and symbol table leak memory during
>> parallel unlinking
>> - S8180433: Cleaner CLR invocation handling
>> - S8180877: More deeply colored ICC spaces
>> - S8181664: Improve JVM UTF String handling
>> - S8181670: Improve implementation of keystores
>> - S8182125: Improve reliability of DNS lookups
>> - S8182387: Improve PKCS usage
>> - S8182601: Improve usage messages
>> - S8184016: Text in native popup is not always updated with Sogou IME
>> - S8185292: Stricter key generation
>> - S8185325: Improve GTK initialization
>> - S8185628: Backport jdk/test/lib/testlibrary/CompilerUtils.java to
>> jdk8u which is helpful in test development
>> - S8185719: rmi TestSocketFactory does not flush
>> - S8185909: Disable JARs signed with DSA keys less than 1024 bits
>> - S8186080: Transform XML interfaces
>> - S8186212: Improve GSS handling
>> - S8186539: [testlibrary] TestSocketFactory should allow triggers
>> before match/replace
>> - S8186600: Improve property negotiations
>> - S8186606: Improve LDAP lookup robustness
>> - S8186867: Improve native glyph layouts
>> - S8186998: Improve JMX supportive features
>> - S8187667: Disable deprecation warning for readdir_r
>> - S8188880: A JAXB JCK test failure found after 8186080
>> - S8189284: More refactoring for deserialization cases
>> - S8190258: (tz) Support tzdata2017c
>> - S8190259: test tck.java.time.zone.TCKZoneRules is broken by tzdata2017c
>> - S8190266: closed/java/awt/ComponentOrientation/WindowTest.java
>> throws java.util.MissingResourceException.
>> - S8190289: More refactoring for client deserialization cases
>> - S8190449: sun/security/pkcs11/KeyPairGenerator/TestDH2048.java
>> fails on Solaris x64 5.10
>> - S8190497: DHParameterSpec.getL() returns zero after JDK-8072452
>> - S8190541: 8u161 L10n resource file update
>> - S8190789: sun/security/provider/certpath/LDAPCertStore/TestURICertStoreParameters.java
>> fails after JDK-8186606
>> - S8191142: More refactoring for naming deserialization cases
>> - S8192793: 8u161 L10n resource file update md20
>> - S8193683: Increase the number of clones in the CloneableDigest
>> - S8194859: Bad backport of 8024468 breaks Zero build due to lack of
>> 8010862 in OpenJDK 7
>> - S8195837: (tz) Upgrade time-zone data to tzdata2018c
>>
>> u171-b01:
>> - S8007772: G1: assert(!hr->isHumongous() || mr.start() ==
>> hr->bottom()) failed: the start of HeapRegion and MemRegion should be
>> consistent for humongous regions
>> - S8022956: Clang: enable return type warnings on BSD
>> - S8025613: clang: remove -Wno-unused-value
>> - S8043029: Change 8037816 breaks HS build with older GCC versions
>> which don't support diagnostic pragmas
>> - S8048169: Change 8037816 breaks HS build on PPC64 and
>> CPP-Interpreter platforms
>> - S8062808: Turn on the -Wreturn-type warning
>> - S8064786: Fix debug build after 8062808: Turn on the -Wreturn-type warning
>> - S8143245: Zero build requires disabled warnings
>> - S8196952: Bad primeCertainty value setting in DSAParameterGenerator
>> - S8196978: JDK-8187667 fails on GCC 4.4.7 as found on RHEL 6
>> - S8197510: fastdebug builds fail due to lack of p2i
>> - S8197801: Zero debug build fails on
>> "assert(labs(istate->_stack_base - istate->_stack_limit) ==
>> (istate->_method->max_stack() + extra_stack_entries + 1)) failed: bad
>> stack limit"
>>
>> u171-b02:
>> - S8197981: Missing return statement in __sync_val_compare_and_swap_8
>>
>> Webrevs for the new changes:
>>
>> http://cr.openjdk.java.net/~andrew/openjdk7/20180116/root/
>> http://cr.openjdk.java.net/~andrew/openjdk7/20180116/corba/
>> http://cr.openjdk.java.net/~andrew/openjdk7/20180116/jaxp/
>> http://cr.openjdk.java.net/~andrew/openjdk7/20180116/jaxws/
>> http://cr.openjdk.java.net/~andrew/openjdk7/20180116/hotspot/
>> http://cr.openjdk.java.net/~andrew/openjdk7/20180116/jdk/
>> http://cr.openjdk.java.net/~andrew/openjdk7/20180116/langtools/
>>
>> Ok to push?
>>
>> Thanks,
>> --
>> Andrew :)
>>
>> Senior Free Java Software Engineer
>> Red Hat, Inc. (http://www.redhat.com)
>>
>> Web Site: http://fuseyism.com
>> Twitter: https://twitter.com/gnu_andrew_java
>> PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
>> Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222
>
> Ping? This is over a month ago now.
>
> IcedTea 2.6.13 [0] was released on the 28th of February, based on u171-b02,
> so I now intend to release that version once pushed.
>
> [0] http://bitly.com/it20613
>
> Thanks,
> --
> Andrew :)
>
> Senior Free Java Software Engineer
> Red Hat, Inc. (http://www.redhat.com)
>
> Web Site: http://fuseyism.com
> Twitter: https://twitter.com/gnu_andrew_java
> PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
> Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222