Hello Dmitry, the change looks fine to me.
Thanks, Andrew > On Dec 21, 2017, at 7:10 PM, Dmitry Cherepanov <dcherepa...@azul.com> wrote: > > Hello, > > Here’s backport of security fixes (included in 8u151) to OpenJDK 6. > > Changes since jdk6-b44 > > * Security fixes: > > 8181612, CVE-2017-10355: More stable connection processing > 8169026, CVE-2017-10274: Handle smartcard clean up better > 8174966, CVE-2017-10285: Unreferenced references > 8180711, CVE-2017-10346: Better invokespecial checks > 8181597, CVE-2017-10357: Process Proxy presentation > 8181692, CVE-2017-10356: Update storage implementations > 8181323, CVE-2017-10347: Better timezone processing > 8174109, CVE-2017-10281: Better queuing priorities > 8181432, CVE-2017-10348: Better processing of unresolved permissions > 8178794, CVE-2017-10388: Correct Kerberos ticket grants > 8184682, CVE-2016-9841: Upgrade compression library > 8181370, CVE-2017-10345: Better keystore handling > 8181327, CVE-2017-10349: Better X processing > 8176751, CVE-2017-10295: Better URL connections > > * Defense-in-depth fixes: > > 8165543: Better window framing > 8169966: Larger AWT menus > 8170218: Improved Font Metrics > 8171252: Improve exception checking > 8175940: More certificate subject checking > 8180024: Improve construction of objects during deserialization > > * Other fixes: > > 8178714: PKIX validator nameConstraints check failing after change 8175940 > 8185040: Incorrect GPL header causes RE script to miss swap to commercial > header for licensee source bundle > 8179084: HotSpot VM fails to start when AggressiveHeap is set > 8181048: Refactor existing providers to refer to the same constants for > default values for key length > 8185845: Add SecurityTools.java test library > 8179423: 2 security tests started failing for JDK 1.6.0 u161 b05 > 8158517: Minor optimizations to ISO10126PADDING > 8057810: New defaults for DSA keys in jarsigner and keytool > 8185039: Incorrect GPL header causes RE script to miss swap to commercial > header for licensee source bundle > 8186503: sun/security/tools/jarsigner/DefaultSigalg.java failed after > backport to JDK 6/7/8 > 8179564: Missing @bug for tests added with JDK-8165367 > 8185778: 8u151 L10n resource file update > 4963968: zlib should be upgraded to current version of zlib > 8044725: Bug in zlib 1.2.5 prevents inflation of some gzipped files (zlib > 1.2.8 port) > 8035623: [parfait] JNI exception pending in > jdk/src/windows/native/sun/windows/awt_Font.cpp > 8157561: Ship the unlimited policy files in JDK Updates > 8165367: Additional tests for JEP 288: Disable SHA-1 Certificates > 6850720: (process) Use clone(CLONE_VM), not fork, on Linux to avoid swap > exhaustion > 6866719: Rename execvpe to avoid symbol clash with glibc 2.10 > 6853336: (process) disable or remove clone-exec feature (6850720) > 6868160: (process) Use vfork, not fork, on Linux to avoid swap exhaustion > > Note that the following fixes were included into this release after being > postponed from July 2017 jdk6-b44 > > 8176536: Improved algorithm constraints checking > 8179998: Clear certificate chain connections > 8179101: Improve algorithm constraints implementation > > Webrevs for the changes: > > http://cr.openjdk.java.net/~dcherepanov/openjdk6/Oct_2017/webrevs/root/webrev/ > http://cr.openjdk.java.net/~dcherepanov/openjdk6/Oct_2017/webrevs/corba/webrev/ > http://cr.openjdk.java.net/~dcherepanov/openjdk6/Oct_2017/webrevs/hotspot/webrev/ > http://cr.openjdk.java.net/~dcherepanov/openjdk6/Oct_2017/webrevs/jaxp/webrev/ > http://cr.openjdk.java.net/~dcherepanov/openjdk6/Oct_2017/webrevs/jaxws/webrev/ > http://cr.openjdk.java.net/~dcherepanov/openjdk6/Oct_2017/webrevs/jdk/webrev/ > http://cr.openjdk.java.net/~dcherepanov/openjdk6/Oct_2017/webrevs/langtools/webrev/ > > Please review. > > Thanks, > > Dmitry >