Thanks. The repositories have been updated (added new tag jdk6-b46). Dmitry
> On Mar 22, 2018, at 8:50 AM, Andrew Brygin <abry...@azul.com> wrote: > > Hello Dmitry, > > the change looks fine to me. > > Thanks, > Andrew > >> On Mar 15, 2018, at 7:26 PM, Dmitry Cherepanov <dcherepa...@azul.com> wrote: >> >> Hello, >> >> Here’s backport of security fixes (included in 8u161) to OpenJDK 6. >> >> Changes since jdk6-b45 >> >> * Security fixes: >> >> 8185292, CVE-2018-2618: Stricter key generation >> 8172525, CVE-2018-2579: Improve key keying case >> 8182601, CVE-2018-2602: Improve usage messages >> 8189284, CVE-2018-2663: More refactoring for deserialization cases >> 8178449, CVE-2018-2588: Improve LDAP logins >> 8186998, CVE-2018-2637: Improve JMX supportive features >> 8186212, CVE-2018-2629: Improve GSS handling >> 8186606, CVE-2018-2633: Improve LDAP lookup robustness >> 8190289, CVE-2018-2677: More refactoring for client deserialization cases >> 8185325, CVE-2018-2641: Improve GTK initialization >> 8182125, CVE-2018-2599: Improve reliability of DNS lookups >> 8182387, CVE-2018-2603: Improve PKCS usage >> 8191142, CVE-2018-2678: More refactoring for naming deserialization cases >> >> * Defense-in-depth fixes: >> >> 8160104: CORBA communication improvements >> 8174756: Extra validation for public keys >> 8176458: Revise default document styling >> 8178458: Better use of certificates in LDAP >> 8178466: Better RSA parameters >> 8179990: Cleaner palette entry handling >> 8180011: Cleaner native graphics device handling >> 8180015: Cleaner AWT robot handling >> 8180020: Improve SymbolHashMap entry handling >> 8180433: Cleaner CLR invocation handling >> 8181664: Improve JVM UTF String handling >> 8186080: Transform XML interfaces >> 8186867: Improve native glyph layouts >> >> * Other fixes: >> >> 8148421: Transport Layer Security (TLS) Session Hash and Extended Master >> Secret Extension >> 8163237: Restrict the use of EXPORT cipher suites >> 8193683: Increase the number of clones in the CloneableDigest >> 8035105: DNS provider cleanups >> 8072452: Support DHE sizes up to 8192-bits and DSA sizes up to 3072-bits >> 8137255: sun/security/provider/NSASuiteB/TestDSAGenParameterSpec.java >> timeouts intermittently >> 8148108: Disable Diffie-Hellman keys less than 1024 bits >> 8158116: com/sun/crypto/provider/KeyAgreement/SupportedDHParamGens.java >> failed with timeout >> 8159240: XSOM parser incorrectly processes type names with whitespaces >> 8170157: Enable unlimited cryptographic policy by default in OracleJDK >> 8170536: Uninitialised memory in set_uintx_flag of attachListener.cpp >> 8178728: Check the AlgorithmParameters in algorithm constraints >> 8185909: Disable JARs signed with DSA keys less than 1024 bits >> 8190266: closed/java/awt/ComponentOrientation/WindowTest.java throws >> java.util.MissingResourceException. >> 8190449: sun/security/pkcs11/KeyPairGenerator/TestDH2048.java fails on >> Solaris x64 5.10 >> 8190497: DHParameterSpec.getL() returns zero after JDK-8072452 >> 8190541: 8u161 L10n resource file update >> 8192793: 8u161 L10n resource file update md20 >> 8022532: [parfait] Potential memory leak in gtk2_interface.c >> 8048819: Implement reliability test for DH algorithm >> 6803376: BasicConstraintsExtension does not encode when (ca==false && >> pathLen<0) >> 8144593: Suppress not recognized property/feature warning messages from >> SAXParser >> 7196382: PKCS11 provider should support 2048-bit DH >> 8190258: (tz) Support tzdata2017c >> 6804045: DerValue does not accept empty OCTET STRING >> 7199939: DSA 576 and 640 bit keys fail when initializing for No precomputed >> parameters >> 8028293: Check local configuration for actual ephemeral port range >> 8075286: Additional tests for signature algorithm OIDs and transformation >> string >> 8173854: [TEST] Update DHEKeySizing test case following 8076328 & 8081760 >> 8147969: Print size of DH keysize when errors are encountered >> 6893704: Potential memory leak in gtk2_interface.c >> >> Webrevs for the changes: >> >> http://cr.openjdk.java.net/~dcherepanov/openjdk6/Jan_2018/webrevs/root/webrev/ >> http://cr.openjdk.java.net/~dcherepanov/openjdk6/Jan_2018/webrevs/corba/webrev/ >> http://cr.openjdk.java.net/~dcherepanov/openjdk6/Jan_2018/webrevs/hotspot/webrev/ >> http://cr.openjdk.java.net/~dcherepanov/openjdk6/Jan_2018/webrevs/jaxp/webrev/ >> http://cr.openjdk.java.net/~dcherepanov/openjdk6/Jan_2018/webrevs/jaxws/webrev/ >> http://cr.openjdk.java.net/~dcherepanov/openjdk6/Jan_2018/webrevs/jdk/webrev/ >> http://cr.openjdk.java.net/~dcherepanov/openjdk6/Jan_2018/webrevs/langtools/webrev/ >> >> Please review. >> >> Thanks, >> >> Dmitry >> >