Re: RFR[8u252] - MR3 - ALPN & RSASSA-PSS in Java SE 8

2020-02-16 Thread Andrew John Hughes
On 13/02/2020 22:32, Bradford Wetmore wrote: snip... >> >> I wasn't looking at the web pages, but just at the patch file >> (https://cr.openjdk.java.net/~wetmore/MR3-codereview-8u252/PSS/webrev.01/jdk.patch) >> >> and comparing with the changesets from 11u. > > I'm a hardcore webrev/frames

Re: RFR[8u252] - MR3 - ALPN & RSASSA-PSS in Java SE 8

2020-02-12 Thread Andrew John Hughes
On 08/02/2020 00:10, Bradford Wetmore wrote: > On 2/5/2020 9:40 PM, Andrew John Hughes wrote:> First of all, thanks > again for posting these patches and also for the >> comprehensive list of issues for both of them. They pretty much matched >> up with what I saw when

Re: RFR[8u252] - MR3 - ALPN & RSASSA-PSS in Java SE 8

2020-02-05 Thread Andrew John Hughes
On 04/02/2020 23:24, Bradford Wetmore wrote: > I added a simple PSS 32-bit windows crash fix, which was previously > reviewed in security-dev earlier today [0]. > >     8238502: sunmscapi.dll causing EXCEPTION_ACCESS_VIOLATION > > The PSS webrev is now at version .01. > > Otherwise,

Re: RFR[8u252] - MR3 - ALPN & RSASSA-PSS in Java SE 8

2020-01-28 Thread Andrew John Hughes
On 28/01/2020 21:00, Bradford Wetmore wrote: > Good morning/afternoon/evening/night, > > As announced on jdk8u-dev[1], there is a Maintenance Release in progress > for Java SE 8 (i.e. JSR 337) [2] to include two security features > important for TLS 1.3: > > 1.  Application-Layer Protocol

Re: [8u] RFR: 8232019: Add LuxTrust certificate updates to the existing root program

2019-12-19 Thread Andrew John Hughes
On 19/12/2019 20:13, Severin Gehwolf wrote: snip... >>> >> >> Going on this & the similar Amazon fix, I'd say we should backport >> JDK-8193255 & JDK-8225392 first. The previous updates which alter a >> binary file have been pretty much unreviewable and, if there's a better >> solution to

Re: [8u] RFR: 8232019: Add LuxTrust certificate updates to the existing root program

2019-12-19 Thread Andrew John Hughes
On 17/12/2019 19:30, Severin Gehwolf wrote: > Hi, > > Could I please get a review of this OpenJDK 8u backport of 8232019. The > JDK 11 patch did not apply cleanly for a couple of reasons: > >1. 8u still has the binary blob for cacerts (JDK-8193255 not > backported, yet). Instead,

Re: RFR[8u41]: MR 3 - ALPN & RSASSA-PSS in Java SE 8

2019-11-18 Thread Andrew John Hughes
On 14/11/2019 02:05, Bradford Wetmore wrote: > Xuelei/Valerie (+ any other codereviewers), > > As announced on jdk8u-dev[1], there is a Maintenance Release in progress > for Java SE 8 (i.e. JSR 337) [2] to include two security features > important for TLS 1.3: > > 1.  Application-Layer

Re: [8u] RFR: 8226607: Inconsistent info between pcsclite.md and MUSCLE headers

2019-09-25 Thread Andrew John Hughes
On 02/09/2019 16:05, Severin Gehwolf wrote: > On Mon, 2019-09-02 at 15:38 +0100, Andrew John Hughes wrote: >> >> On 26/08/2019 14:24, Severin Gehwolf wrote: >>> Hi, >>> >>> Could I get a review of this follow-up fix for an 8u backport (JDK- >>&

Re: [8u] RFR: 8226607: Inconsistent info between pcsclite.md and MUSCLE headers

2019-09-02 Thread Andrew John Hughes
On 26/08/2019 14:24, Severin Gehwolf wrote: > Hi, > > Could I get a review of this follow-up fix for an 8u backport (JDK- > 8218780)? This follow-up re-adds a COPYING file to the MUSCLE pcsc > library header files removed by the JDK-8218780 backport. The patch > differs from the version in JDK

Re: [8u] RFR: 8218780: Update MUSCLE PCSC-Lite header files

2019-09-02 Thread Andrew John Hughes
On 02/09/2019 13:14, Severin Gehwolf wrote: snip... >>> >> >> Most of this looks good. I was a little confused at first because the >> patch in your webrev looks quite different to the 11u changeset. >> However, once applied locally to the 8u repo, the diff between the two >> was as suggested

Re: [8u] RFR: 8218780: Update MUSCLE PCSC-Lite header files

2019-08-28 Thread Andrew John Hughes
On 26/08/2019 14:23, Severin Gehwolf wrote: > Hi, > > Could I please get a review of this MUSCLE header files update in > OpenJDK 8u? I'd like to backport this bug as it's also going to be in > Oracle JDK 8u231 (equiv to OpenJDK 8u232) as well. The OpenJDK 11 patch > applies almost cleanly post

Re: JDK-8129988 introduces a new behavior when reading the javax.net.ssl.trustStore property.

2019-08-12 Thread Andrew John Hughes
Forwarding to security-dev as this was backported from later JDK versions: On 09/08/2019 20:52, Alvarez, David wrote: > Hello, > > We have detected that JDK-8219988 [1], that has been included in OpenJDK 8u222 > included a non-documented change in the behavior of the > javax.net.ssl.trustStore

Re: [8u] RFR Backport: 8208698: Improved ECC Implementation

2019-06-28 Thread Andrew John Hughes
On 28/06/2019 07:14, Alvarez, David wrote: > Looks good to me > Thanks David. Pushed: https://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/9b5707865a97 -- Andrew :) Senior Free Java Software Engineer Red Hat, Inc. (http://www.redhat.com) PGP Key: ed25519/0xCFDA0F9B35964222

Re: [8u] RFR Backport: 8208698: Improved ECC Implementation

2019-06-27 Thread Andrew John Hughes
On 14/06/2019 23:33, Alvarez, David wrote: > Hi, > > Please review this backport of JDK-8208698: Improved ECC Implementation > > Bug: https://bugs.openjdk.java.net/browse/JDK-8208698 > Original: http://hg.openjdk.java.net/jdk/jdk/rev/752e57845ad2 > Webrev:

Re: [11u] RFR (S): 8226880: Backport of JDK-8208698 (Improved ECC Implementation) should not bring parts of JDK-8205476 (KeyAgreement#generateSecret is not reset for ECDH based algorithm)

2019-06-27 Thread Andrew John Hughes
On 27/06/2019 11:12, Langer, Christoph wrote: > Hi, > >   > > I made a mistake when bringing JDK-8226880 to 11u. The patch introduced > coding of JDK-8205476 that should not be there. Here is a patch to fix this. > >   > > Bug: https://bugs.openjdk.java.net/browse/JDK-8226880 > > Webrev:

Re: [8u] RFR: Backport 8208648: ECC Field Arithmetic Enhancements

2019-06-26 Thread Andrew John Hughes
On 14/06/2019 22:37, Alvarez, David wrote: > Hi, > > Here is the proper RFR for 8208648: ECC Field Arithmetic Enhancements > > Sorry for the confusion > > Bug: https://bugs.openjdk.java.net/browse/JDK-8208648 > Original: http://hg.openjdk.java.net/jdk/jdk/rev/746602d9682f > Webrev:

Re: [11u] RFR: 8208698: Improved ECC Implementation

2019-06-26 Thread Andrew John Hughes
On 28/05/2019 08:21, Langer, Christoph wrote: > Hi, > > please review this backport of JDK-8208698: Improved ECC Implementation. > > Bug: https://bugs.openjdk.java.net/browse/JDK-8208698 > Original Change: http://hg.openjdk.java.net/jdk/jdk/rev/752e57845ad2 > Webrev:

Re: [8u] RFR: Backport 8181594: Efficient and constant-time modular arithmetic

2019-06-21 Thread Andrew John Hughes
On 18/06/2019 20:30, Alvarez, David wrote: > Here is the updated webrev with suggested changes: > > Bug: https://bugs.openjdk.java.net/browse/JDK-8181594 > Original: http://hg.openjdk.java.net/jdk/jdk/rev/d213d70182a9 > Webrev: http://cr.openjdk.java.net/~phh/8181594/webrev.8u.02/ > > -- >

Re: [8u] RFR: Backport 8208648: ECC Field Arithmetic Enhancements

2019-06-18 Thread Andrew John Hughes
On 18/06/2019 19:37, Andrew John Hughes wrote: > On 14/06/2019 22:37, Alvarez, David wrote: >> Hi, >> >> Here is the proper RFR for 8208648: ECC Field Arithmetic Enhancements >> >> Sorry for the confusion >> >> Bug: https://bugs.openjdk.

Re: [8u] RFR: Backport 8208648: ECC Field Arithmetic Enhancements

2019-06-18 Thread Andrew John Hughes
On 14/06/2019 22:37, Alvarez, David wrote: > Hi, > > Here is the proper RFR for 8208648: ECC Field Arithmetic Enhancements > > Sorry for the confusion > > Bug: https://bugs.openjdk.java.net/browse/JDK-8208648 > Original: http://hg.openjdk.java.net/jdk/jdk/rev/746602d9682f > Webrev:

Re: [8u] RFR: Backport 8181594: Efficient and constant-time modular arithmetic

2019-06-17 Thread Andrew John Hughes
On 14/06/2019 22:16, Alvarez, David wrote: > Correction, this is the RFR for 8181594: Efficient and constant-time modular > arithmetic > > On 2019-06-14, 14:13, "Alvarez, David" wrote: > > Hi, > > Please review this backport of JDK-8181594: Efficient and constant-time >

Re: [8u] RFR: 8203190: SessionId.hashCode generates too many collisions

2019-05-17 Thread Andrew John Hughes
On 17/05/2019 17:00, Severin Gehwolf wrote: > On Fri, 2019-05-17 at 16:28 +0100, Andrew John Hughes wrote: >> >> On 17/05/2019 12:37, Severin Gehwolf wrote: >> >> snip... >> >>> The reason was that it's not a good test to be run automatically. It &

Re: [8u] RFR: 8203190: SessionId.hashCode generates too many collisions

2019-05-17 Thread Andrew John Hughes
On 17/05/2019 12:37, Severin Gehwolf wrote: snip... > > The reason was that it's not a good test to be run automatically. It > would have to have some heuristic which it uses as "passed" and "fail". > Checking in the code anyway has a tendency for it to bitrot. If you > really feel strongly

Re: [8u] RFR: 8203190: SessionId.hashCode generates too many collisions

2019-05-16 Thread Andrew John Hughes
On 16/05/2019 18:51, Severin Gehwolf wrote: > Hi, > > Could I please get a review of this OpenJDK 8u only fix? JDKs 11+ don't > seem to have this issue as with the TLS 1.3 feature (JDK-8196584) > SessionId.hashCode() got changed to use Arrays.hashCode() already. > > webrev:

Re: [RFR] [8u] 8220641, , New test KdcPolicy.java introduced by JDK-8164656 needs same change as JDK-8190690

2019-03-15 Thread Andrew John Hughes
On 15/03/2019 17:58, Hohensee, Paul wrote: > +1 > > Paul > > On 3/15/19, 4:00 AM, "jdk8u-dev on behalf of Aleksey Shipilev" > wrote: > > On 3/15/19 5:55 AM, Andrew John Hughes wrote: > > Bug: https://bugs.openjdk.java.net/browse/JDK-8220641 >

[RFR] [8u] 8220641, , New test KdcPolicy.java introduced by JDK-8164656 needs same change as JDK-8190690

2019-03-14 Thread Andrew John Hughes
Bug: https://bugs.openjdk.java.net/browse/JDK-8220641 Webrev: https://cr.openjdk.java.net/~andrew/openjdk8/8220641/webrev.01/ This is the patch we split out from my original post for 8175120. It applies the same change to the @run command in KdcPolicy.java as was applied to the tests deleted by

Re: Enhance toString() to return structured info, for certificate and probably more

2011-08-25 Thread Dr Andrew John Hughes
On 10:41 Thu 25 Aug , Weijun Wang wrote: Hi All I was talking with Xuelei on how to better display certificate info. There are 3 cases we can currently think of: 1. debug output 2. keytool/jarsigner output 3. Java plugin display The 1st one is the most primitive one and can be a

Re: [Fwd: Code review request: 7072353 JNDI libraries do not build with javac -Xlint:all -Werror]

2011-08-02 Thread Dr Andrew John Hughes
On 17:11 Tue 02 Aug , Alan Bateman wrote: Xuelei Fan wrote: : 1. I noticed the copyright date of a few files are unchanged, please update them before you push the changes. This has come up a few times but I don't think it is strictly required. Kelly or one of the release

Re: code without sources distributed in 7b130

2011-05-03 Thread Dr Andrew John Hughes
On 16:50 Tue 03 May , Matthias Klose wrote: [resending, had the jdk email address wrong] The following code distributed in 7b130 doesn't have any source code, or at least nobody can find it. in langtools: test/tools/javac/T5090006/broken.jar could the source code be added to the

Re: 6998583 Code review request

2010-11-24 Thread Dr Andrew John Hughes
On 22 November 2010 14:20, Vincent Ryan vincent.x.r...@oracle.com wrote: Fix looks good Sean. On 22/11/2010 13:50, Seán Coffey wrote: Brad, Vinnie, This is a forward port of 6998583 to JDK 7. Can you review ? http://cr.openjdk.java.net/~coffeys/6998583/webrev.6998583.0/ Thanks, Sean.

Re: 6998583 Code review request

2010-11-24 Thread Dr Andrew John Hughes
On 25 November 2010 00:29, Dr Andrew John Hughes gnu_and...@member.fsf.org wrote: On 22 November 2010 14:20, Vincent Ryan vincent.x.r...@oracle.com wrote: Fix looks good Sean. On 22/11/2010 13:50, Seán Coffey wrote: Brad, Vinnie, This is a forward port of 6998583 to JDK 7. Can you review

Re: [security-dev 01547]: Re: PING: [PATCH FOR REVIEW]: 6763530: Fix breakage of NSS-based Elliptic Curve Cryptography in OpenJDK6

2010-06-27 Thread Andrew John Hughes
in OpenJDK6 and 7. Thanks - Mike At 07:17 PM 6/27/2010, Andrew John Hughes wrote: At 05:37 PM 6/27/2010, Michael StJohns wrote: Hi guys - I see from the Mercurial logs that this went in to both the jdk6 and jdk7 repositories. For jdk6 - it's rev 302 which looks like this should have ended up

Re: [security-dev 01563]: Subject lines in security-dev.

2010-04-26 Thread Andrew John Hughes
On 20 April 2010 14:57, Chris Hegarty chris.hega...@oracle.com wrote: Brad, Sorry to chime in late, but would it make server side rules/filtering simpler if we added the mailing list name in the subject line? The reason I ask is that since moving to a new mail server I can no longer create

Re: [PATCH FOR REVIEW]: Improve error output for NSS provider

2010-04-16 Thread Andrew John Hughes
the top level of the webrev is preferred. Whoops! Sorry, I usually do post the right URL. Must have copied the wrong one. Thanks! Brad On 4/12/2010 8:49 AM, Andrew John Hughes wrote: Hi, I'm trying to debug an issue with the NSS provider crashing on a number of JTreg tests.  See http

[PATCH FOR REVIEW]: Improve error output for NSS provider

2010-04-12 Thread Andrew John Hughes
Hi, I'm trying to debug an issue with the NSS provider crashing on a number of JTreg tests. See http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=469 I found a couple of issues in doing so: * The stack trace is incomplete as a couple of exceptions are thrown using only the message without

[security-dev 01761]: Re: Quick code review for 6909281

2010-04-09 Thread Andrew John Hughes
On 9 April 2010 14:18, Sean Mullan sean.mul...@oracle.com wrote: Hi Andrew, Could I get a quick code review for 6909281 which also needs to be fixed in JDK 7: http://cr.openjdk.java.net/~mullan/6909281/webrev/ Thanks, Sean Sure. Looks good to me. -- Andrew :-) Free Java Software

[security-dev 01696]: Re: Please review new regression test for java.net.* API

2010-03-18 Thread Andrew John Hughes
On 18 March 2010 14:28, Christopher Hegarty -Sun Microsystems Ireland christopher.hega...@sun.com wrote: Alan Bateman wrote: Pavel Tisnovsky wrote: Hi, please review new regression test for java.net.* API. This test checks if the cacerts keytool database is configured properly and SSL is

[security-dev 01702]: Re: Please review new regression test for java.net.* API

2010-03-18 Thread Andrew John Hughes
On 18 March 2010 14:57, Christopher Hegarty -Sun Microsystems Ireland christopher.hega...@sun.com wrote: Pavel Tisnovsky wrote: Christopher Hegarty -Sun Microsystems Ireland wrote: Alan Bateman wrote: Pavel Tisnovsky wrote: Hi, please review new regression test for java.net.* API. This

[security-dev 01705]: Re: Please review new regression test for java.net.* API

2010-03-18 Thread Andrew John Hughes
On 18 March 2010 15:07, Christopher Hegarty -Sun Microsystems Ireland christopher.hega...@sun.com wrote: Sean Mullan wrote: Security folk:  Do we currently have any tests with a dependency on cacerts? yes, but they would be in the closed tests. So we have your own non public tests

[security-dev 01706]: Re: Please review new regression test for java.net.* API

2010-03-18 Thread Andrew John Hughes
On 18 March 2010 15:13, Sean Mullan sean.mul...@sun.com wrote: Andrew John Hughes wrote: This has been posted about before; OpenJDK currently can't bootstrap itself because it doesn't have a working cacerts store (the JAXP URL uses https). I don't know how to solve this; we can certainly

[security-dev 01708]: Re: Please review new regression test for java.net.* API

2010-03-18 Thread Andrew John Hughes
On 18 March 2010 18:40, Brad Wetmore bradford.wetm...@sun.com wrote: I have a couple important tasks to finish ASAP, so if there is more discussion, I'll have to jump in sometime next week, but wanted to add one thing before anything was done: Pavel wrote: And we can use other URL if

[security-dev 01710]: Re: Please review new regression test for java.net.* API

2010-03-18 Thread Andrew John Hughes
is always broken for OpenJDK builds. Is this something we really want? -Chris Andrew John Hughes wrote: On 18 March 2010 18:40, Brad Wetmore bradford.wetm...@sun.com wrote: I have a couple important tasks to finish ASAP, so if there is more discussion, I'll have to jump in sometime next

[security-dev 01712]: Re: Please review new regression test for java.net.* API

2010-03-18 Thread Andrew John Hughes
On 18 March 2010 21:12, Christopher Hegarty -Sun Microsystems Ireland christopher.hega...@sun.com wrote: Andrew John Hughes wrote: On 18 March 2010 20:56, Christopher Hegarty -Sun Microsystems Ireland christopher.hega...@sun.com wrote: Brad, Pavel, Andrew, I'm also not comfortable

[security-dev 01542]: Re: PING: [PATCH FOR REVIEW]: 6763530: Fix breakage of NSS-based Elliptic Curve Cryptography in OpenJDK6

2010-01-20 Thread Andrew John Hughes
their problem. Mike At 12:33 PM 9/24/2009, Vincent Ryan wrote: Hello Andrew, I'll need a little more time to come up to speed on this fix. I'm concerned that there may be interoperability or backwards compatibility issues. Andrew John Hughes wrote: 2009/9/2 Andrew John Hughes gnu_and

[security-dev 01535]: Re: Please review changes in regression test test/java/security/Provider/Turkish.java

2010-01-18 Thread Andrew John Hughes
2010/1/18 Alan Bateman alan.bate...@sun.com: Andrew John Hughes wrote: : As mentioned by Joe (http://mail.openjdk.java.net/pipermail/jdk6-dev/2010-January/001135.html) patches for jdk6 should be sent to the jdk6-dev list before being pushed to the jdk6 tree. It might be good to also ping

[security-dev 01424]: Re: Please review patch for regression test sun/security/tools/keytool/StartDate

2009-12-03 Thread Andrew John Hughes
2009/12/3 Pavel Tisnovsky ptisn...@redhat.com: Hi, patch for regression test sun/security/tools/keytool/StartDate.java (included in OpenJDK6) is exposed at http://cr.openjdk.java.net/~ptisnovs/StartDateTest/ and prepared for review. This patch ensures, that this test does not fail on

[security-dev 01363]: Re: Elliptic curve bugs?

2009-11-04 Thread Andrew John Hughes
2009/11/2 Michael StJohns mstjo...@comcast.net: I submitted the fix a while ago at https://bugs.openjdk.java.net/show_bug.cgi?id=100048 Still pending...  Mike At 03:38 AM 11/2/2009, Tomas Gustavsson wrote: Hi, I found this by for Elliptic curve crypto:

[security-dev 01277]: Re: ECC pkcs#11 bug]

2009-10-06 Thread Andrew John Hughes
2009/10/5 Tomas Gustavsson to...@primekey.se: Hi Vincent and Brad, I'm not sure how things are at Sun currently. We work with Sun here in Sweden so we've heard a bit about wait with the Oracle story. Anyhow I just want to let you know that if anyone is still working on crypto that this bug

[security-dev 01278]: Re: ECC pkcs#11 bug]

2009-10-06 Thread Andrew John Hughes
: Lars (who is my colleague) has completed the Sun Contribution Agreement. Andrew John Hughes wrote: 2009/10/5 Tomas Gustavsson to...@primekey.se: Hi Vincent and Brad, I'm not sure how things are at Sun currently. We work with Sun here in Sweden so we've heard a bit about wait with the Oracle

[security-dev 01244]: PING: [PATCH FOR REVIEW]: 6763530: Fix breakage of NSS-based Elliptic Curve Cryptography in OpenJDK6

2009-09-22 Thread Andrew John Hughes
2009/9/2 Andrew John Hughes gnu_and...@member.fsf.org: 2009/9/2 Michael StJohns mstjo...@comcast.net: At 09:38 PM 9/1/2009, Andrew John Hughes wrote: 2009/9/2 Michael StJohns mstjo...@comcast.net:  This appears to be related specifically to PKCS11.  Specifically, PKCS11 v2.20 has some

[security-dev 01200]: Re: PKCS11 and Win X64?

2009-09-10 Thread Andrew John Hughes
2009/9/10 Michael StJohns mstjo...@comcast.net: That makes sense - but was a surprise.  Let me see if I can get one of the companies I work with to contribute their simulator - not to be shipped, but to be tested against.  The simulator runs at 32bits, but the pkcs11 library that talks to

[security-dev 01201]: Re: 6840752: Provide out-of-the-box support for ECC algorithms

2009-09-10 Thread Andrew John Hughes
2009/9/10 Andrew John Hughes gnu_and...@member.fsf.org: 2009/9/9 Vincent Ryan vincent.r...@sun.com: Hello Andrew, I realize that you, along with others in the Linux community, are less than satisfied with the changeset to provide out-of-the-box support for ECC algorithms. As I mentioned

[security-dev 01197]: Re: 6840752: Provide out-of-the-box support for ECC algorithms

2009-09-09 Thread Andrew John Hughes
2009/9/9 Vincent Ryan vincent.r...@sun.com: Hello Andrew, I realize that you, along with others in the Linux community, are less than satisfied with the changeset to provide out-of-the-box support for ECC algorithms. As I mentioned earlier, we were quite constrained in what we could openly

[security-dev 01171]: Re: [PATCH FOR REVIEW]: 6763530: Fix breakage of NSS-based Elliptic Curve Cryptography in OpenJDK6

2009-09-03 Thread Andrew John Hughes
2009/9/3 Michael StJohns mstjo...@comcast.net: At 03:14 PM 9/2/2009, Andrew John Hughes wrote: Ok here is a new webrev: http://cr.openjdk.java.net/~andrew/6763530/webrev.02/ with a slightly revised version of your change (you can't throw a PKCS11Exception which only takes a long ID from

[security-dev 01168]: [PATCH FOR REVIEW]: 6763530: Fix breakage of NSS-based Elliptic Curve Cryptography in OpenJDK6

2009-09-02 Thread Andrew John Hughes
2009/9/2 Michael StJohns mstjo...@comcast.net: At 09:38 PM 9/1/2009, Andrew John Hughes wrote: 2009/9/2 Michael StJohns mstjo...@comcast.net:  This appears to be related specifically to PKCS11.  Specifically, PKCS11 v2.20 has some ambiguity of the representation of an EC point (which

[security-dev 01165]: Re: PING 1: [PATCH FOR REVIEW]: Elliptic Curve Cryptography in OpenJDK6 with NSS

2009-09-01 Thread Andrew John Hughes
/2009, Joe Darcy wrote: Andrew John Hughes wrote: 2009/8/28 Andrew John Hughes gnu_and...@member.fsf.org: In OpenJDK6, the elliptic curve cryptography algorithms are available if the PKCS11 provider is configured to point to NSS. See: http://blogs.sun.com/andreas/entry

[security-dev 01140]: Re: 6840752: Provide out-of-the-box support for ECC algorithms

2009-08-28 Thread Andrew John Hughes
2009/8/28 Max (Weijun) Wang weijun.w...@sun.com: On Aug 28, 2009, at 10:17 PM, Andrew John Hughes wrote: 2009/8/28 Max (Weijun) Wang weijun.w...@sun.com: On Aug 28, 2009, at 9:56 AM, Andrew John Hughes wrote: 2009/8/28 Max (Weijun) Wang weijun.w...@sun.com: On Aug 27, 2009, at 9:52 PM

[security-dev 01130]: [PATCH FOR REVIEW]: Elliptic Curve Cryptography in OpenJDK6 with NSS

2009-08-27 Thread Andrew John Hughes
In OpenJDK6, the elliptic curve cryptography algorithms are available if the PKCS11 provider is configured to point to NSS. See: http://blogs.sun.com/andreas/entry/the_java_pkcs_11_provider If NSS is configured as specified in this blog, keytool can be used to generate a key as follows: $

[security-dev 01136]: Re: 6840752: Provide out-of-the-box support for ECC algorithms

2009-08-27 Thread Andrew John Hughes
2009/8/28 Max (Weijun) Wang weijun.w...@sun.com: On Aug 27, 2009, at 9:52 PM, Andrew John Hughes wrote: The problem is more the fact that it's an additional copy rather than using the system installation, which means it has to be patched for bugs and security fixes separately.  For IcedTea

[security-dev 01114]: Re: hg: jdk7/tl/jdk: 6843995: Added RowsetFactory and Deprecate COMMIT_ON_ACCEPT_CHANGES, make constants final that needed to be.

2009-08-24 Thread Andrew John Hughes
2009/8/22 Mark Wielaard m...@klomp.org: Hi Andrew, On Fri, 2009-08-21 at 20:35 +0100, Andrew John Hughes wrote: 2009/8/21 Mark Wielaard m...@klomp.org: On Thu, 2009-08-20 at 15:40 -0700, Mark Reinhold wrote: This change was integrated prematurely.  I've rolled it back in the jdk7/tl/jdk

[security-dev 01116]: 6840752: Provide out-of-the-box support for ECC algorithms

2009-08-24 Thread Andrew John Hughes
With this changeset: http://hg.openjdk.java.net/jdk7/jdk7/jdk/rev/1ff7163fc5f7 the new ECC was added to OpenJDK. When I first read about this, I'd assumed we were getting a Java-based implementation. The final changeset seems to just be an inclusion of the NSS code into the OpenJDK codebase,

[security-dev 01107]: Re: hg: jdk7/tl/jdk: 6843995: Added RowsetFactory and Deprecate COMMIT_ON_ACCEPT_CHANGES, make constants final that needed to be.

2009-08-21 Thread Andrew John Hughes
2009/8/21 Mark Wielaard m...@klomp.org: Hi Mark, On Thu, 2009-08-20 at 15:40 -0700, Mark Reinhold wrote: This change was integrated prematurely.  I've rolled it back in the jdk7/tl/jdk repository. If at all possible, please don't do this. It plays havoc with already checked out repos