We have a new release of IcedTea [0] and a new OpenJDK 6 release, b36 to go with it. This is made from the current state of the OpenJDK 6 repositories plus backports of the new security fixes included in 7u85 & 8u51.
The tarballs are available here: https://java.net/projects/openjdk6/downloads/download/openjdk-6-src-b36-22_jul_2015.tar.gz https://java.net/projects/openjdk6/downloads/download/openjdk-6-src-b36-22_jul_2015.tar.xz SHA256 checksums: 9616b2365734ad34b0837dc99ba604513f9a12b602aadfdf334e46f9d59dac55 openjdk-6-src-b36-22_jul_2015.tar.gz c9df23d208b3b61f5f57c030accca2f7b3218a97bd140668506265ececdf26f4 openjdk-6-src-b36-22_jul_2015.tar.xz Changes since b36 (including both CPU fixes and upstreamed changes): * Security fixes - S8043202, CVE-2015-2808: Prohibit RC4 cipher suites - S8067694, CVE-2015-2625: Improved certification checking - S8071715, CVE-2015-4760: Tune font layout engine - S8071731: Better scaling for C1 - S8072490: Better font morphing redux - S8072887: Better font handling improvements - S8073334: Improved font substitutions - S8073773: Presume path preparedness - S8073894: Getting to the root of certificate chains - S8074330: Set font anchors more solidly - S8074335: Substitute for substitution formats - S8074865, CVE-2015-2601: General crypto resilience changes - S8074871: Adjust device table handling - S8075374, CVE-2015-4748: Responding to OCSP responses - S8075378, CVE-2015-4749: JNDI DnsClient Exception Handling - S8075738: Better multi-JVM sharing - S8075838: Method for typing MethodTypes - S8075853, CVE-2015-2621: Proxy for MBean proxies - S8076328, CVE-2015-4000: Enforce key exchange constraints - S8076376, CVE-2015-2628: Enhance IIOP operations - S8076397, CVE-2015-4731: Better MBean connections - S8076401, CVE-2015-2590: Serialize OIS data - S8076405, CVE-2015-4732: Improve serial serialization - S8076409, CVE-2015-4733: Reinforce RMI framework - S8077520, CVE-2015-2632: Morph tables into improved form - PR2488, CVE-2015-4000: Make jdk8 mode the default for jdk.tls.ephemeralDHKeySize * Other changes - OJ58: Allow OpenJDK to build on PaX-enabled kernels - OJ59: Only apply PaX-marking when needed by a running PaX kernel - OJ60, PR2484: Disable export ciphers by default - OJ61: Remove translation strings for ErrorMsg.JAXP_INVALID_ATTR_VALUE_ERR which doesn't exist in OpenJDK 6 - OJ62, PR2552: Restrict key size of RSA certificates to >= 1024 - OJ63: Remove @Override annotation on interfaces added by 2015/07/14 security fixes. - S6787645: CRL validation code should permit some clock skew when checking validity of CRLs - S6996365: Evaluate the priorities of cipher suites - S7185471: Avoid key expansion when AES cipher is re-init w/ the same key - S8007142: Add utility classes for writing better multiprocess tests in jtreg - S8008089: Delete OS dependent check in JdkFinder.getExecutable() - S8024861: Incomplete token triggers GSS-API NullPointerException - S8027058: sun/management/jmxremote/bootstrap/RmiBootstrapTest.sh Failed to initialize connector - S8036786: Update jdk7 testlibrary to match jdk8 - S8042205: javax/management/monitor/*: some tests didn't get all the notifications - S8042982: Unexpected RuntimeExceptions being thrown by SSLEngine - S8043200, PR2485: Decrease the preference mode of RC4 in the enabled cipher suite list - S8043201: Deprecate RC4 in SunJSSE provider - S8046817: JDK 8 schemagen tool does not generate xsd files for enum types - S8048194: GSSContext.acceptSecContext fails when a supported mech is not initiator preferred - S8050158: Introduce system property to maintain RC4 preference order - S8062923: XSL: Run-time internal error in 'substring()' - S8062924: XSL: wrong answer from substring() function - S8064546: CipherInputStream throws BadPaddingException if stream is not fully read - S8065764: javax/management/monitor/CounterMonitorTest.java hangs - S8066952: [TEST-BUG] javax/management/monitor/CounterMonitorTest.java hangs - S8073357: schema1.xsd has wrong content. Sequence of the enum values has been changed - S8073385: Bad error message on parsing illegal character in XML attribute - S8074098: 2D_Font/Bug8067699 test fails with SIGBUS crash on Solaris Sparc - S8074297: substring in XSLT returns wrong character if string contains supplementary chars - S8075575: com/sun/security/auth/login/ConfigFile/InconsistentError.java failed in certain env. - S8075576: com/sun/security/auth/module/KeyStoreLoginModule/OptionTest.java failed in certain env. - S8075667: (tz) Support tzdata2015b - S8076290: JCK test api/xsl/conf/string/string17 starts failing after JDK-8074297 - S8077685: (tz) Support tzdata2015d - S8078348: sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java fails with BindException - S8078439: SPNEGO auth fails if client proposes MS krb5 OID - S8078666, PR2327: JVM fastdebug build compiled with GCC 5 asserts with "widen increases" - S8080318: jdk8u51 l10n resource file translation update - S8081386: Test sun/management/jmxremote/bootstrap/RmiSslBootstrapTest.sh test has RC4 dependencies - S8081775: two lib/testlibrary tests are failing with "Error. failed to clean up files after test" with jtreg 4.1 b12 Webrevs for the new changes: http://cr.openjdk.java.net/~andrew/openjdk6/20150714/root/ http://cr.openjdk.java.net/~andrew/openjdk6/20150714/corba/ http://cr.openjdk.java.net/~andrew/openjdk6/20150714/jaxp/ http://cr.openjdk.java.net/~andrew/openjdk6/20150714/jaxws/ http://cr.openjdk.java.net/~andrew/openjdk6/20150714/hotspot/ http://cr.openjdk.java.net/~andrew/openjdk6/20150714/jdk/ http://cr.openjdk.java.net/~andrew/openjdk6/20150714/langtools/ Once approved, I'll push these to the OpenJDK 6 repository. [0] http://bitly.com/it11308 Thanks, -- Andrew :) Senior Free Java Software Engineer Red Hat, Inc. (http://www.redhat.com) PGP Key: ed25519/35964222 (hkp://keys.gnupg.net) Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222 PGP Key: rsa4096/248BDC07 (hkp://keys.gnupg.net) Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07
