[PATCH] jdk7u211-b00 security patch review
Martin Balao
mbalao at redhat.com
Mon Feb 18 21:36:19 UTC 2019
On 2/15/19 3:22 AM, Andrew Hughes wrote:
> 8u201 was released recently & we've backported appropriate
> changes to OpenJDK 7 to create OpenJDK 7 u211.
>
> The changes from u201-b00 to u211-b00 are as follows:
> - S6383200: PBE: need new algorithm support in password based encryption
> - S6483657: MSCAPI provider does not create unique alias names
> - S8000203: File descriptor leak in src/solaris/native/java/net/net_util_md.c
> - S8008321: compile.cpp verify_graph_edges uses bool as int
> - S8013069: javax.crypto tests fail with new PBE algorithm names
> - S8027781: New jarsigner timestamp warning is grammatically incorrect
> - S8029018: (bf) Check src/share/native/java/nio/Bits.c for JNI
> pending exceptions
> - S8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
> - S8098854: Do cleanup in a proper order in sunmscapi code
> - S8133070: Hot lock on BulkCipher.isAvailable
> - S8138589: Correct limits on unlimited cryptography
> - S8141491: Unaligned memory access in Bits.c
> - S8143913: MSCAPI keystore should accept Certificate[] in setEntry()
> - S8159805: sun/security/tools/jarsigner/warnings/NoTimestampTest.java
> fails after JDK-8027781
> - S8162362: Introduce system property to control enabled ciphersuites
> - S8165463: Native implementation of sunmscapi should use operator
> new (nothrow) for allocations
> - S8191438: jarsigner should print when a timestamp will expire
> - S8199156: Better route routing
> - S8199161: Better interface enumeration
> - S8199166: Better interface lists
> - S8199552: Update to build scripts
> - S8203955: Improve robot support
> - S8204895: Better icon support
> - S8205330: InitialDirContext ctor sometimes throws NPE if the
> server has sent a disconnection
> - S8205356: Choose printer defaults
> - S8205709: Proper allocation handling
> - S8205714: Initial class initialization
> - S8206290: Better FileChannel transfer performance
> - S8206295: More reliable p11 transactions
> - S8206301: Improve NIO stability
> - S8207775: Better management of CipherCore buffers
> - S8208583: Better management of internal KeyStore buffers
> - S8208585: Make crypto code more robust
> - S8209094: Improve web server connections
> - S8209129: Further improvements to cipher buffer management
> - S8209862: CipherCore performance improvement
> - S8210094: Better loading of classloader classes
> - S8210606: Improved data set handling
> - S8210610: Improved LSA authentication
> - S8210695: Create test to cover JDK-8205330 InitialDirContext ctor
> sometimes throws NPE if the server has sent a disconnection
> - S8210866: Improve JPEG processing
> - S8210870: Libsunmscapi improved interactions
> - S8210951: Test
> sun/security/ssl/SSLContextImpl/CustomizedCipherSuites.java fails
> - S8211883: Disable anon and NULL cipher suites
> - S8213085: (tz) Upgrade time-zone data to tzdata2018g
> - S8213368: JDK 8u201 l10n resource file update
> - S8213949: OpenJDK 8 CCharToGlyphMapper.m missing the Classpath
> exception license text
> - S8214357: JDK 8u201 l10n resource file update md20
> - S8218798: slowdebug build broken by JDK-8205714
>
> with 8029661 already present in the repository.
>
> Webrevs for the new changes:
>
> http://cr.openjdk.java.net/~andrew/openjdk7/20190115/root/
> http://cr.openjdk.java.net/~andrew/openjdk7/20190115/corba/
> http://cr.openjdk.java.net/~andrew/openjdk7/20190115/jaxp/
> http://cr.openjdk.java.net/~andrew/openjdk7/20190115/jaxws/
> http://cr.openjdk.java.net/~andrew/openjdk7/20190115/hotspot/
> http://cr.openjdk.java.net/~andrew/openjdk7/20190115/jdk/
> http://cr.openjdk.java.net/~andrew/openjdk7/20190115/langtools/
>
> Ok to push?
>
> Thanks,
>
Hi,
I'm not a jdk7u reviewer but I have had a look at the following security
patches and are fine to me:
* 8199156
* 8199161
* 8199166
* 8203955
* 8204895
* 8205356
* 8205709
* 8206290
* 8206295
* 8206301
* 8208585
* 8209094
* 8210866
* 8210606
* 8210610
* 8210870
* 8205714
* 8210094
In addition, I'd like to propose the inclusion of the backport of
8200659 to jdk7u.
Kind regards,
Martin.-
More information about the jdk7u-dev
mailing list