Thanks. The repositories have been updated (added new tag jdk6-b45). Dmitry
> On Dec 25, 2017, at 1:00 PM, Andrew Brygin <abry...@azul.com> wrote: > > Hello Dmitry, > > the change looks fine to me. > > Thanks, > Andrew > >> On Dec 21, 2017, at 7:10 PM, Dmitry Cherepanov <dcherepa...@azul.com> wrote: >> >> Hello, >> >> Here’s backport of security fixes (included in 8u151) to OpenJDK 6. >> >> Changes since jdk6-b44 >> >> * Security fixes: >> >> 8181612, CVE-2017-10355: More stable connection processing >> 8169026, CVE-2017-10274: Handle smartcard clean up better >> 8174966, CVE-2017-10285: Unreferenced references >> 8180711, CVE-2017-10346: Better invokespecial checks >> 8181597, CVE-2017-10357: Process Proxy presentation >> 8181692, CVE-2017-10356: Update storage implementations >> 8181323, CVE-2017-10347: Better timezone processing >> 8174109, CVE-2017-10281: Better queuing priorities >> 8181432, CVE-2017-10348: Better processing of unresolved permissions >> 8178794, CVE-2017-10388: Correct Kerberos ticket grants >> 8184682, CVE-2016-9841: Upgrade compression library >> 8181370, CVE-2017-10345: Better keystore handling >> 8181327, CVE-2017-10349: Better X processing >> 8176751, CVE-2017-10295: Better URL connections >> >> * Defense-in-depth fixes: >> >> 8165543: Better window framing >> 8169966: Larger AWT menus >> 8170218: Improved Font Metrics >> 8171252: Improve exception checking >> 8175940: More certificate subject checking >> 8180024: Improve construction of objects during deserialization >> >> * Other fixes: >> >> 8178714: PKIX validator nameConstraints check failing after change 8175940 >> 8185040: Incorrect GPL header causes RE script to miss swap to commercial >> header for licensee source bundle >> 8179084: HotSpot VM fails to start when AggressiveHeap is set >> 8181048: Refactor existing providers to refer to the same constants for >> default values for key length >> 8185845: Add SecurityTools.java test library >> 8179423: 2 security tests started failing for JDK 1.6.0 u161 b05 >> 8158517: Minor optimizations to ISO10126PADDING >> 8057810: New defaults for DSA keys in jarsigner and keytool >> 8185039: Incorrect GPL header causes RE script to miss swap to commercial >> header for licensee source bundle >> 8186503: sun/security/tools/jarsigner/DefaultSigalg.java failed after >> backport to JDK 6/7/8 >> 8179564: Missing @bug for tests added with JDK-8165367 >> 8185778: 8u151 L10n resource file update >> 4963968: zlib should be upgraded to current version of zlib >> 8044725: Bug in zlib 1.2.5 prevents inflation of some gzipped files (zlib >> 1.2.8 port) >> 8035623: [parfait] JNI exception pending in >> jdk/src/windows/native/sun/windows/awt_Font.cpp >> 8157561: Ship the unlimited policy files in JDK Updates >> 8165367: Additional tests for JEP 288: Disable SHA-1 Certificates >> 6850720: (process) Use clone(CLONE_VM), not fork, on Linux to avoid swap >> exhaustion >> 6866719: Rename execvpe to avoid symbol clash with glibc 2.10 >> 6853336: (process) disable or remove clone-exec feature (6850720) >> 6868160: (process) Use vfork, not fork, on Linux to avoid swap exhaustion >> >> Note that the following fixes were included into this release after being >> postponed from July 2017 jdk6-b44 >> >> 8176536: Improved algorithm constraints checking >> 8179998: Clear certificate chain connections >> 8179101: Improve algorithm constraints implementation >> >> Webrevs for the changes: >> >> http://cr.openjdk.java.net/~dcherepanov/openjdk6/Oct_2017/webrevs/root/webrev/ >> http://cr.openjdk.java.net/~dcherepanov/openjdk6/Oct_2017/webrevs/corba/webrev/ >> http://cr.openjdk.java.net/~dcherepanov/openjdk6/Oct_2017/webrevs/hotspot/webrev/ >> http://cr.openjdk.java.net/~dcherepanov/openjdk6/Oct_2017/webrevs/jaxp/webrev/ >> http://cr.openjdk.java.net/~dcherepanov/openjdk6/Oct_2017/webrevs/jaxws/webrev/ >> http://cr.openjdk.java.net/~dcherepanov/openjdk6/Oct_2017/webrevs/jdk/webrev/ >> http://cr.openjdk.java.net/~dcherepanov/openjdk6/Oct_2017/webrevs/langtools/webrev/ >> >> Please review. >> >> Thanks, >> >> Dmitry >> >
