[PATCH] jdk7u211-b00 security patch review

[Andrew Hughes]

8u201 was released recently & we've backported appropriate
changes to OpenJDK 7 to create OpenJDK 7 u211.

The changes from u201-b00 to u211-b00 are as follows:
  - S6383200: PBE: need new algorithm support in password based encryption
  - S6483657: MSCAPI provider does not create unique alias names
  - S8000203: File descriptor leak in src/solaris/native/java/net/net_util_md.c
  - S8008321: compile.cpp verify_graph_edges uses bool as int
  - S8013069: javax.crypto tests fail with new PBE algorithm names
  - S8027781: New jarsigner timestamp warning is grammatically incorrect
  - S8029018: (bf) Check src/share/native/java/nio/Bits.c for JNI
pending exceptions
  - S8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
  - S8098854: Do cleanup in a proper order in sunmscapi code
  - S8133070: Hot lock on BulkCipher.isAvailable
  - S8138589: Correct limits on unlimited cryptography
  - S8141491: Unaligned memory access in Bits.c
  - S8143913: MSCAPI keystore should accept Certificate[] in setEntry()
  - S8159805: sun/security/tools/jarsigner/warnings/NoTimestampTest.java
fails after JDK-8027781
  - S8162362: Introduce system property to control enabled ciphersuites
  - S8165463: Native implementation of sunmscapi should use operator
new (nothrow) for allocations
  - S8191438: jarsigner should print when a timestamp will expire
  - S8199156: Better route routing
  - S8199161: Better interface enumeration
  - S8199166: Better interface lists
  - S8199552: Update to build scripts
  - S8203955: Improve robot support
  - S8204895: Better icon support
  - S8205330: InitialDirContext ctor sometimes throws NPE if the
server has sent a disconnection
  - S8205356: Choose printer defaults
  - S8205709: Proper allocation handling
  - S8205714: Initial class initialization
  - S8206290: Better FileChannel transfer performance
  - S8206295: More reliable p11 transactions
  - S8206301: Improve NIO stability
  - S8207775: Better management of CipherCore buffers
  - S8208583: Better management of internal KeyStore buffers
  - S8208585: Make crypto code more robust
  - S8209094: Improve web server connections
  - S8209129: Further improvements to cipher buffer management
  - S8209862: CipherCore performance improvement
  - S8210094: Better loading of classloader classes
  - S8210606: Improved data set handling
  - S8210610: Improved LSA authentication
  - S8210695: Create test to cover JDK-8205330 InitialDirContext ctor
sometimes throws NPE if the server has sent a disconnection
  - S8210866: Improve JPEG processing
  - S8210870: Libsunmscapi improved interactions
  - S8210951: Test
sun/security/ssl/SSLContextImpl/CustomizedCipherSuites.java fails
  - S8211883: Disable anon and NULL cipher suites
  - S8213085: (tz) Upgrade time-zone data to tzdata2018g
  - S8213368: JDK 8u201 l10n resource file update
  - S8213949: OpenJDK 8 CCharToGlyphMapper.m missing the Classpath
exception license text
  - S8214357: JDK 8u201 l10n resource file update md20
  - S8218798: slowdebug build broken by JDK-8205714

with 8029661 already present in the repository.

Webrevs for the new changes:

http://cr.openjdk.java.net/~andrew/openjdk7/20190115/root/
http://cr.openjdk.java.net/~andrew/openjdk7/20190115/corba/
http://cr.openjdk.java.net/~andrew/openjdk7/20190115/jaxp/
http://cr.openjdk.java.net/~andrew/openjdk7/20190115/jaxws/
http://cr.openjdk.java.net/~andrew/openjdk7/20190115/hotspot/
http://cr.openjdk.java.net/~andrew/openjdk7/20190115/jdk/
http://cr.openjdk.java.net/~andrew/openjdk7/20190115/langtools/

Ok to push?

Thanks,
-- 
Andrew :)

Senior Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

Web Site: http://fuseyism.com
Twitter: https://twitter.com/gnu_andrew_java
PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222