Hello, Here’s backport of security fixes (included in 8u151) to OpenJDK 6.
Changes since jdk6-b44 * Security fixes: 8181612, CVE-2017-10355: More stable connection processing 8169026, CVE-2017-10274: Handle smartcard clean up better 8174966, CVE-2017-10285: Unreferenced references 8180711, CVE-2017-10346: Better invokespecial checks 8181597, CVE-2017-10357: Process Proxy presentation 8181692, CVE-2017-10356: Update storage implementations 8181323, CVE-2017-10347: Better timezone processing 8174109, CVE-2017-10281: Better queuing priorities 8181432, CVE-2017-10348: Better processing of unresolved permissions 8178794, CVE-2017-10388: Correct Kerberos ticket grants 8184682, CVE-2016-9841: Upgrade compression library 8181370, CVE-2017-10345: Better keystore handling 8181327, CVE-2017-10349: Better X processing 8176751, CVE-2017-10295: Better URL connections * Defense-in-depth fixes: 8165543: Better window framing 8169966: Larger AWT menus 8170218: Improved Font Metrics 8171252: Improve exception checking 8175940: More certificate subject checking 8180024: Improve construction of objects during deserialization * Other fixes: 8178714: PKIX validator nameConstraints check failing after change 8175940 8185040: Incorrect GPL header causes RE script to miss swap to commercial header for licensee source bundle 8179084: HotSpot VM fails to start when AggressiveHeap is set 8181048: Refactor existing providers to refer to the same constants for default values for key length 8185845: Add SecurityTools.java test library 8179423: 2 security tests started failing for JDK 1.6.0 u161 b05 8158517: Minor optimizations to ISO10126PADDING 8057810: New defaults for DSA keys in jarsigner and keytool 8185039: Incorrect GPL header causes RE script to miss swap to commercial header for licensee source bundle 8186503: sun/security/tools/jarsigner/DefaultSigalg.java failed after backport to JDK 6/7/8 8179564: Missing @bug for tests added with JDK-8165367 8185778: 8u151 L10n resource file update 4963968: zlib should be upgraded to current version of zlib 8044725: Bug in zlib 1.2.5 prevents inflation of some gzipped files (zlib 1.2.8 port) 8035623: [parfait] JNI exception pending in jdk/src/windows/native/sun/windows/awt_Font.cpp 8157561: Ship the unlimited policy files in JDK Updates 8165367: Additional tests for JEP 288: Disable SHA-1 Certificates 6850720: (process) Use clone(CLONE_VM), not fork, on Linux to avoid swap exhaustion 6866719: Rename execvpe to avoid symbol clash with glibc 2.10 6853336: (process) disable or remove clone-exec feature (6850720) 6868160: (process) Use vfork, not fork, on Linux to avoid swap exhaustion Note that the following fixes were included into this release after being postponed from July 2017 jdk6-b44 8176536: Improved algorithm constraints checking 8179998: Clear certificate chain connections 8179101: Improve algorithm constraints implementation Webrevs for the changes: http://cr.openjdk.java.net/~dcherepanov/openjdk6/Oct_2017/webrevs/root/webrev/ http://cr.openjdk.java.net/~dcherepanov/openjdk6/Oct_2017/webrevs/corba/webrev/ http://cr.openjdk.java.net/~dcherepanov/openjdk6/Oct_2017/webrevs/hotspot/webrev/ http://cr.openjdk.java.net/~dcherepanov/openjdk6/Oct_2017/webrevs/jaxp/webrev/ http://cr.openjdk.java.net/~dcherepanov/openjdk6/Oct_2017/webrevs/jaxws/webrev/ http://cr.openjdk.java.net/~dcherepanov/openjdk6/Oct_2017/webrevs/jdk/webrev/ http://cr.openjdk.java.net/~dcherepanov/openjdk6/Oct_2017/webrevs/langtools/webrev/ Please review. Thanks, Dmitry
