Hello, Here’s backport of security fixes included in 8u141 to OpenJDK 6.
Changes since jdk6-b43 * Security fixes: 8175106, CVE-2017-10115: Higher quality DSA operations 8174098, CVE-2017-10110: Better image fetching 8176067, CVE-2017-10116: Proper directory lookup processing 8174113, CVE-2017-10109: Better sourcing of code 8169209, CVE-2017-10053: Improved image post-processing steps 8173697, CVE-2017-10107: Less Active Activations 8163958, CVE-2017-10102: Improved garbage collection 8172204, CVE-2017-10087: Better Thread Pool execution 8173770, CVE-2017-10074: Image conversion improvements 8173286, CVE-2017-10101: Better reading of text catalogs 8170966, CVE-2017-10081: Right parenthesis issue 8176760, CVE-2017-10135: Better handling of PKCS8 material 8174105, CVE-2017-10108: Better naming attribution 8169392, CVE-2017-10067: Additional jar validation steps 8172469, CVE-2017-10096: Transform Transformer Exceptions 8172461, CVE-2017-10089: Service Registration Lifecycle * Defense-in-depth fixes: 8167228: Update to libpng 1.6.28 8174770: Check registry registration location 8174873: Improved certificate procesing 8176055: JMX diagnostic improvements * Other fixes: 8149450: LdapCtx.processReturnCode() throwing Null Pointer Exception 8143377: Test PKCS8Test.java fails 8175251: Failed to load RSA private key from pkcs12 8176769: Remove accidental spec change in jdk8u 8180582: The bind to rmiregistry is rejected by registryFilter even though registryFilter is set 8155690: Update libPNG library to the latest up-to-date 8030787: [Parfait] JNI-related warnings from b119 for jdk/src/share/native/sun/awt/image 8037287: Windows build failed after JDK-8030787 8162461: Hang due to JNI up-call made whilst holding JNI critical lock 8177449: (tz) Support tzdata2017b 8013434: Xalan and Xerces internal ObjectFactory need rework 8176731: JCK tests in api/javax_xml/transform/ spec conformance started failing after 8172469 8182054: Improve wsdl support 8181591: 8u141 L10n resource file update 6945961: SIGSEGV in memcpy() during class loading on linux-i586 Fixes listed below have not been backported in jdk6-b44 due to time constraints. These changes will be included in later updates of jdk6. 8176536: Improved algorithm constraints checking 8179998: Clear certificate chain connections 8179101: Improve algorithm constraints implementation Webrevs for the changes: http://cr.openjdk.java.net/~bae/openjdk6/July_2017/webrevs/root/webrev/ http://cr.openjdk.java.net/~bae/openjdk6/July_2017/webrevs/corba/webrev/ http://cr.openjdk.java.net/~bae/openjdk6/July_2017/webrevs/hotspot/webrev/ http://cr.openjdk.java.net/~bae/openjdk6/July_2017/webrevs/jaxp/webrev/ http://cr.openjdk.java.net/~bae/openjdk6/July_2017/webrevs/jaxws/webrev/ http://cr.openjdk.java.net/~bae/openjdk6/July_2017/webrevs/jdk/webrev/ http://cr.openjdk.java.net/~bae/openjdk6/July_2017/webrevs/langtools/webrev/ Please review. Thanks, Andrew
