On 2/15/19 3:22 AM, Andrew Hughes wrote: > 8u201 was released recently & we've backported appropriate > changes to OpenJDK 7 to create OpenJDK 7 u211. > > The changes from u201-b00 to u211-b00 are as follows: > - S6383200: PBE: need new algorithm support in password based encryption > - S6483657: MSCAPI provider does not create unique alias names > - S8000203: File descriptor leak in > src/solaris/native/java/net/net_util_md.c > - S8008321: compile.cpp verify_graph_edges uses bool as int > - S8013069: javax.crypto tests fail with new PBE algorithm names > - S8027781: New jarsigner timestamp warning is grammatically incorrect > - S8029018: (bf) Check src/share/native/java/nio/Bits.c for JNI > pending exceptions > - S8029661: Support TLS v1.2 algorithm in SunPKCS11 provider > - S8098854: Do cleanup in a proper order in sunmscapi code > - S8133070: Hot lock on BulkCipher.isAvailable > - S8138589: Correct limits on unlimited cryptography > - S8141491: Unaligned memory access in Bits.c > - S8143913: MSCAPI keystore should accept Certificate[] in setEntry() > - S8159805: sun/security/tools/jarsigner/warnings/NoTimestampTest.java > fails after JDK-8027781 > - S8162362: Introduce system property to control enabled ciphersuites > - S8165463: Native implementation of sunmscapi should use operator > new (nothrow) for allocations > - S8191438: jarsigner should print when a timestamp will expire > - S8199156: Better route routing > - S8199161: Better interface enumeration > - S8199166: Better interface lists > - S8199552: Update to build scripts > - S8203955: Improve robot support > - S8204895: Better icon support > - S8205330: InitialDirContext ctor sometimes throws NPE if the > server has sent a disconnection > - S8205356: Choose printer defaults > - S8205709: Proper allocation handling > - S8205714: Initial class initialization > - S8206290: Better FileChannel transfer performance > - S8206295: More reliable p11 transactions > - S8206301: Improve NIO stability > - S8207775: Better management of CipherCore buffers > - S8208583: Better management of internal KeyStore buffers > - S8208585: Make crypto code more robust > - S8209094: Improve web server connections > - S8209129: Further improvements to cipher buffer management > - S8209862: CipherCore performance improvement > - S8210094: Better loading of classloader classes > - S8210606: Improved data set handling > - S8210610: Improved LSA authentication > - S8210695: Create test to cover JDK-8205330 InitialDirContext ctor > sometimes throws NPE if the server has sent a disconnection > - S8210866: Improve JPEG processing > - S8210870: Libsunmscapi improved interactions > - S8210951: Test > sun/security/ssl/SSLContextImpl/CustomizedCipherSuites.java fails > - S8211883: Disable anon and NULL cipher suites > - S8213085: (tz) Upgrade time-zone data to tzdata2018g > - S8213368: JDK 8u201 l10n resource file update > - S8213949: OpenJDK 8 CCharToGlyphMapper.m missing the Classpath > exception license text > - S8214357: JDK 8u201 l10n resource file update md20 > - S8218798: slowdebug build broken by JDK-8205714 > > with 8029661 already present in the repository. > > Webrevs for the new changes: > > http://cr.openjdk.java.net/~andrew/openjdk7/20190115/root/ > http://cr.openjdk.java.net/~andrew/openjdk7/20190115/corba/ > http://cr.openjdk.java.net/~andrew/openjdk7/20190115/jaxp/ > http://cr.openjdk.java.net/~andrew/openjdk7/20190115/jaxws/ > http://cr.openjdk.java.net/~andrew/openjdk7/20190115/hotspot/ > http://cr.openjdk.java.net/~andrew/openjdk7/20190115/jdk/ > http://cr.openjdk.java.net/~andrew/openjdk7/20190115/langtools/ > > Ok to push? > > Thanks, >
Hi, I'm not a jdk7u reviewer but I have had a look at the following security patches and are fine to me: * 8199156 * 8199161 * 8199166 * 8203955 * 8204895 * 8205356 * 8205709 * 8206290 * 8206295 * 8206301 * 8208585 * 8209094 * 8210866 * 8210606 * 8210610 * 8210870 * 8205714 * 8210094 In addition, I'd like to propose the inclusion of the backport of 8200659 to jdk7u. Kind regards, Martin.-
