Thanks. The repositories have been updated (added new tag jdk6-b42). Dmitry
On Feb 21, 2017, at 2:44 PM, Andrew Brygin <abry...@azul.com<mailto:abry...@azul.com>> wrote: Hello Dmitry, the change looks fine to me. Thanks, Andrew On Feb 20, 2017, at 1:02 PM, Dmitry Cherepanov <dcherepa...@azul.com<mailto:dcherepa...@azul.com>> wrote: Hello, Here’s backport of security fixes (included in 8u121) to OpenJDK 6. Changes since jdk6-b41 * Security fixes: 8151934, CVE-2017-3231: Resolve class resolution 8164147, CVE-2017-3261: Improve streaming socket output 8161743, CVE-2017-3252: Provide proper login context 8165071, CVE-2016-2183: Expand TLS support 8168728, CVE-2016-5548: DSA signing improvments 8168714, CVE-2016-5546: Tighten ECDSA validation 8165344, CVE-2017-3272: Update concurrency support 8167223, CVE-2016-5552: URL handling improvements 8156802, CVE-2017-3241: Better constraint checking 8167104, CVE-2017-3289: Additional class construction refinements 8166988, CVE-2017-3253: Improve image processing performance * Defense-in-depth fixes: 8138725: Add options for Javadoc generation 8140353: Improve signature checking 8158406: Limited Parameter Processing 8158997: JNDI Protocols Switch 8161218: Better bytecode loading 8162577: Standardize logging levels 8162973: Better component components * Other fixes: 6887710: Jar index should avoid putting META-INF in the INDEX.LIST 8140422: Add mechanism to allow non default root CAs to be not subject to algorithm restrictions 8140587: Atomic*FieldUpdaters should use Class.isInstance instead of direct class check 8170268: 8u121 L10n resource file update - msgdrop 20 8139565: Restrict certificates with DSA keys less than 1024 bits 8075118: JVM stuck in infinite loop during verification 8160108: Implement Serialization Filtering 8148516: Improve the default strength of EC in JDK 8168861: AnchorCertificates uses hardcoded password for cacerts keystore 8167472: Chrome interop regression with JDK-8148516 8140483: Atomic*FieldUpdaters final fields should be trusted 8010714: XML DSig API allows a RetrievalMethod to reference another RetrievalMethod 8167591: Add MD5 to signed JAR restrictions 8167459: Add debug output for indicating if a chosen ciphersuite was legacy 6885204: JSSE should not require Kerberos to be present 8163304: jarsigner -verbose -verify should print the algorithms used to sign the jar 8169191: (tz) Support tzdata2016i 8165230: RMIConnection addNotificationListeners failing with specific inputs 8166875: (tz) Support tzdata2016g 8151893: Add security property to configure XML Signature secure validation mode 8169688: Backout (remove) MD5 from jdk.jar.disabledAlgorithms for January CPU 6858484: If an invalid HMAC XML Signature is validated, all subsequent valid HMAC signatures are invalid 8166878: Connection reset during TLS handshake 8161571: Verifying ECDSA signatures permits trailing bytes 8170131: Certificates not being blocked by jdk.tls.disabledAlgorithms property 8168993: JDK8u121 L10n resource file update 6868865: Test: sun/security/tools/jarsigner/oldsig.sh fails under all platforms 8175072: [openjdk6] Kerberos JCK tests fail on systems without krb5.conf file Webrevs for the changes: http://cr.openjdk.java.net/~dcherepanov/openjdk6/Jan_2017/webrevs/root/webrev/ http://cr.openjdk.java.net/~dcherepanov/openjdk6/Jan_2017/webrevs/corba/webrev/ http://cr.openjdk.java.net/~dcherepanov/openjdk6/Jan_2017/webrevs/hotspot/webrev/ http://cr.openjdk.java.net/~dcherepanov/openjdk6/Jan_2017/webrevs/jaxp/webrev/ http://cr.openjdk.java.net/~dcherepanov/openjdk6/Jan_2017/webrevs/jaxws/webrev/ http://cr.openjdk.java.net/~dcherepanov/openjdk6/Jan_2017/webrevs/jdk/webrev/ http://cr.openjdk.java.net/~dcherepanov/openjdk6/Jan_2017/webrevs/langtools/webrev/ Please review. Thanks, Dmitry
