Hello Dmitry, the change looks fine to me.
Thanks, Andrew > On Mar 15, 2018, at 7:26 PM, Dmitry Cherepanov <dcherepa...@azul.com> wrote: > > Hello, > > Here’s backport of security fixes (included in 8u161) to OpenJDK 6. > > Changes since jdk6-b45 > > * Security fixes: > > 8185292, CVE-2018-2618: Stricter key generation > 8172525, CVE-2018-2579: Improve key keying case > 8182601, CVE-2018-2602: Improve usage messages > 8189284, CVE-2018-2663: More refactoring for deserialization cases > 8178449, CVE-2018-2588: Improve LDAP logins > 8186998, CVE-2018-2637: Improve JMX supportive features > 8186212, CVE-2018-2629: Improve GSS handling > 8186606, CVE-2018-2633: Improve LDAP lookup robustness > 8190289, CVE-2018-2677: More refactoring for client deserialization cases > 8185325, CVE-2018-2641: Improve GTK initialization > 8182125, CVE-2018-2599: Improve reliability of DNS lookups > 8182387, CVE-2018-2603: Improve PKCS usage > 8191142, CVE-2018-2678: More refactoring for naming deserialization cases > > * Defense-in-depth fixes: > > 8160104: CORBA communication improvements > 8174756: Extra validation for public keys > 8176458: Revise default document styling > 8178458: Better use of certificates in LDAP > 8178466: Better RSA parameters > 8179990: Cleaner palette entry handling > 8180011: Cleaner native graphics device handling > 8180015: Cleaner AWT robot handling > 8180020: Improve SymbolHashMap entry handling > 8180433: Cleaner CLR invocation handling > 8181664: Improve JVM UTF String handling > 8186080: Transform XML interfaces > 8186867: Improve native glyph layouts > > * Other fixes: > > 8148421: Transport Layer Security (TLS) Session Hash and Extended Master > Secret Extension > 8163237: Restrict the use of EXPORT cipher suites > 8193683: Increase the number of clones in the CloneableDigest > 8035105: DNS provider cleanups > 8072452: Support DHE sizes up to 8192-bits and DSA sizes up to 3072-bits > 8137255: sun/security/provider/NSASuiteB/TestDSAGenParameterSpec.java > timeouts intermittently > 8148108: Disable Diffie-Hellman keys less than 1024 bits > 8158116: com/sun/crypto/provider/KeyAgreement/SupportedDHParamGens.java > failed with timeout > 8159240: XSOM parser incorrectly processes type names with whitespaces > 8170157: Enable unlimited cryptographic policy by default in OracleJDK > 8170536: Uninitialised memory in set_uintx_flag of attachListener.cpp > 8178728: Check the AlgorithmParameters in algorithm constraints > 8185909: Disable JARs signed with DSA keys less than 1024 bits > 8190266: closed/java/awt/ComponentOrientation/WindowTest.java throws > java.util.MissingResourceException. > 8190449: sun/security/pkcs11/KeyPairGenerator/TestDH2048.java fails on > Solaris x64 5.10 > 8190497: DHParameterSpec.getL() returns zero after JDK-8072452 > 8190541: 8u161 L10n resource file update > 8192793: 8u161 L10n resource file update md20 > 8022532: [parfait] Potential memory leak in gtk2_interface.c > 8048819: Implement reliability test for DH algorithm > 6803376: BasicConstraintsExtension does not encode when (ca==false && > pathLen<0) > 8144593: Suppress not recognized property/feature warning messages from > SAXParser > 7196382: PKCS11 provider should support 2048-bit DH > 8190258: (tz) Support tzdata2017c > 6804045: DerValue does not accept empty OCTET STRING > 7199939: DSA 576 and 640 bit keys fail when initializing for No precomputed > parameters > 8028293: Check local configuration for actual ephemeral port range > 8075286: Additional tests for signature algorithm OIDs and transformation > string > 8173854: [TEST] Update DHEKeySizing test case following 8076328 & 8081760 > 8147969: Print size of DH keysize when errors are encountered > 6893704: Potential memory leak in gtk2_interface.c > > Webrevs for the changes: > > http://cr.openjdk.java.net/~dcherepanov/openjdk6/Jan_2018/webrevs/root/webrev/ > http://cr.openjdk.java.net/~dcherepanov/openjdk6/Jan_2018/webrevs/corba/webrev/ > http://cr.openjdk.java.net/~dcherepanov/openjdk6/Jan_2018/webrevs/hotspot/webrev/ > http://cr.openjdk.java.net/~dcherepanov/openjdk6/Jan_2018/webrevs/jaxp/webrev/ > http://cr.openjdk.java.net/~dcherepanov/openjdk6/Jan_2018/webrevs/jaxws/webrev/ > http://cr.openjdk.java.net/~dcherepanov/openjdk6/Jan_2018/webrevs/jdk/webrev/ > http://cr.openjdk.java.net/~dcherepanov/openjdk6/Jan_2018/webrevs/langtools/webrev/ > > Please review. > > Thanks, > > Dmitry >
