Hello,

Here’s a backport of security fixes (included in 8u161) to OpenJDK 6.

Changes since jdk6-b45

* Security fixes:
  8185292, CVE-2018-2618: Stricter key generation
  8172525, CVE-2018-2579: Improve key keying case
  8182601, CVE-2018-2602: Improve usage messages
  8189284, CVE-2018-2663: More refactoring for deserialization cases
  8178449, CVE-2018-2588: Improve LDAP logins
  8186998, CVE-2018-2637: Improve JMX supportive features
  8186212, CVE-2018-2629: Improve GSS handling
  8186606, CVE-2018-2633: Improve LDAP lookup robustness
  8190289, CVE-2018-2677: More refactoring for client deserialization cases
  8185325, CVE-2018-2641: Improve GTK initialization
  8182125, CVE-2018-2599: Improve reliability of DNS lookups
  8182387, CVE-2018-2603: Improve PKCS usage
  8191142, CVE-2018-2678: More refactoring for naming deserialization cases

* Defense-in-depth fixes:
  8160104: CORBA communication improvements
  8174756: Extra validation for public keys
  8176458: Revise default document styling
  8178458: Better use of certificates in LDAP
  8178466: Better RSA parameters
  8179990: Cleaner palette entry handling
  8180011: Cleaner native graphics device handling
  8180015: Cleaner AWT robot handling
  8180020: Improve SymbolHashMap entry handling
  8180433: Cleaner CLR invocation handling
  8181664: Improve JVM UTF String handling
  8186080: Transform XML interfaces
  8186867: Improve native glyph layouts

* Other fixes:
  8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
  8163237: Restrict the use of EXPORT cipher suites
  8193683: Increase the number of clones in the CloneableDigest
  8035105: DNS provider cleanups
  8072452: Support DHE sizes up to 8192-bits and DSA sizes up to 3072-bits
  8137255: sun/security/provider/NSASuiteB/TestDSAGenParameterSpec.java timeouts intermittently
  8148108: Disable Diffie-Hellman keys less than 1024 bits
  8158116: com/sun/crypto/provider/KeyAgreement/SupportedDHParamGens.java failed with timeout
  8159240: XSOM parser incorrectly processes type names with whitespaces
  8170157: Enable unlimited cryptographic policy by default in OracleJDK
  8170536: Uninitialised memory in set_uintx_flag of attachListener.cpp
  8178728: Check the AlgorithmParameters in algorithm constraints
  8185909: Disable JARs signed with DSA keys less than 1024 bits
  8190266: closed/java/awt/ComponentOrientation/WindowTest.java throws java.util.MissingResourceException.
  8190449: sun/security/pkcs11/KeyPairGenerator/TestDH2048.java fails on Solaris x64 5.10
  8190497: DHParameterSpec.getL() returns zero after JDK-8072452
  8190541: 8u161 L10n resource file update
  8192793: 8u161 L10n resource file update md20
  8022532: [parfait] Potential memory leak in gtk2_interface.c
  8048819: Implement reliability test for DH algorithm
  6803376: BasicConstraintsExtension does not encode when (ca==false && pathLen<0)
  8144593: Suppress not recognized property/feature warning messages from SAXParser
  7196382: PKCS11 provider should support 2048-bit DH
  8190258: (tz) Support tzdata2017c
  6804045: DerValue does not accept empty OCTET STRING
  7199939: DSA 576 and 640 bit keys fail when initializing for No precomputed parameters
  8028293: Check local configuration for actual ephemeral port range
  8075286: Additional tests for signature algorithm OIDs and transformation string
  8173854: [TEST] Update DHEKeySizing test case following 8076328 & 8081760
  8147969: Print size of DH keysize when errors are encountered
  6893704: Potential memory leak in gtk2_interface.c

Webrevs for the changes:

http://cr.openjdk.java.net/~dcherepanov/openjdk6/Jan_2018/webrevs/root/webrev/
http://cr.openjdk.java.net/~dcherepanov/openjdk6/Jan_2018/webrevs/corba/webrev/
http://cr.openjdk.java.net/~dcherepanov/openjdk6/Jan_2018/webrevs/hotspot/webrev/
http://cr.openjdk.java.net/~dcherepanov/openjdk6/Jan_2018/webrevs/jaxp/webrev/
http://cr.openjdk.java.net/~dcherepanov/openjdk6/Jan_2018/webrevs/jaxws/webrev/
http://cr.openjdk.java.net/~dcherepanov/openjdk6/Jan_2018/webrevs/jdk/webrev/
http://cr.openjdk.java.net/~dcherepanov/openjdk6/Jan_2018/webrevs/langtools/webrev/

Please review.

Thanks,
Dmitry