~openjdk/openjdk/openjdk7 : changes

~openjdk/openjdk/openjdk7 » Changes from revision 612

From Revision 612 to 593

Rev	Summary	Authors	Date
612	* Remove obsolete changelog entries from previous release. * Remove obsolete changelog entries from previous release.	Matthias Klose	8 years ago
611	* Remove obsolete changelog entries from previous release. * Remove obsolete changelog entries from previous release.	Matthias Klose	8 years ago
610	openjdk-7 (7u121-2.6.8-2) experimental; urgency=high openjdk-7 (7u121-2.6.8-2) experimental; urgency=high [ Tiago Stürmer Daitx ] * Security fixes from 8u121: - S8167104, CVE-2017-3289: Custom class constructor code can bypass the required call to super.init allowing for uninitialized objects to be created. - S8164143, CVE-2017-3260: It is possible to corrupt memory by calling dispose() on a CMenuComponentmultiple times. - S8168714, CVE-2016-5546: ECDSA will accept signatures that have various extraneous bytes added to them whereas the signature is supposed to be unique. - S8166988, CVE-2017-3253: The PNG specification allows the [iz}Txt sections to be 2^32-1 bytes long so these should not be uncompressed unless the user explicitly requests it. - S8168728, CVE-2016-5548: DSA signing exhibits a timing bias that may leak information about k. - S8161743, CVE-2017-3252: LdapLoginModule incorrectly tries to deserialize responses from an LDAP server when an LDAP context is expected. - S8167223, CVE-2016-5552: Parsing of URLs can be inconsistent with how users or external applications would interpret them leading to possible security issues. - S8168705, CVE-2016-5547: A value from an InputStream is read directly into the size argument of a new byte[] without validation. - S8164147, CVE-2017-3261: An integer overflow exists in SocketOutputStream which can lead to memorydisclosure. - S8151934, CVE-2017-3231: Under some circumstances URLClassLoader will dispatch HTTP GET requests where the invoker does not have permission. - S8165071, CVE-2016-2183: 3DES can be exploited for block collisions when long running sessions are allowed. * Missing - S8165344, CVE-2017-3272: A protected field can be leveraged into type confusion. - S8156802, CVE-2017-3241: RMI deserialization should limit the types deserialized to prevent attacks that could escape the sandbox. * Ignored - S8168724, CVE-2016-5549: ECDSA signing exhibits a timing bias that may leak information about k. -- Matthias Klose <doko@ubuntu.com> Tue, 07 Feb 2017 11:09:39 +0100	Matthias Klose	8 years ago
609	openjdk-7 (7u121-2.6.8-1) experimental; urgency=medium openjdk-7 (7u121-2.6.8-1) experimental; urgency=medium * IcedTea release 2.6.8 (based on 7u121): -- Matthias Klose <doko@ubuntu.com> Mon, 14 Nov 2016 13:38:40 +0100	Matthias Klose	8 years ago
608	- upload 7u111-2.6.7-3 - upload 7u111-2.6.7-3	Matthias Klose	8 years ago
607	[ Tiago Stürmer Daitx ] [ Tiago Stürmer Daitx ] * Don't use precompiled header files on arm64. * Update the sec-webrev-8u111-S8159503.hotspot patch.	Matthias Klose	8 years ago
606	[ Tiago Stürmer Daitx ] [ Tiago Stürmer Daitx ] * Backported security fixes from 8u111: - CVE-2016-5568, S8158993: Service Menu services. - CVE-2016-5582, S8160591: Improve internal array handling. - CVE-2016-5573, S8159519: Reformat JDWP messages. - CVE-2016-5597, S8160838: Better HTTP service. - CVE-2016-5554, S8157739: Classloader Consistency Checking. - CVE-2016-5542, S8155973: Tighten jar checks. * debian/rules: - removed lcms version 1 option as no current release uses that, lcms2 is now default. - removed in-tree/system lcms selection to always use system's lcms. - removed all cacao references except for the transitional cacao package. - updated jtreg tests to use othervm. - simplified rhino and libcups dependency selection. * debian/buildwatch.sh: updated to stop it if no 'make' process is running, as it probably means that the build failed - otherwise buildwatch keeps the builder alive until it exits after the timer (3 hours by default) expires. * debian/control.in: removed cacao references. * debian/README.source: removed cacao references. * debian/patches/cacao-armv4.diff: deleted file. * Makefile.am: remove -samevm * debian/patches/it-jamvm-8158260-unsafe-methods.patch: fix JAMVM after the introduction of two new Unsafe methods in the OpenJDK hotspot. Closes: #833933. (LP: #1611598)	Matthias Klose	8 years ago
605	- check-in remaining changes for 7u111-2.6.7-1 upload - check-in remaining changes for 7u111-2.6.7-1 upload	Matthias Klose	8 years ago
604	openjdk-7 (7u101-2.6.6-2) experimental; urgency=medium openjdk-7 (7u101-2.6.6-2) experimental; urgency=medium * Configure with --disable-arm32-jit, broken by the security update. -- Matthias Klose <doko@ubuntu.com> Sat, 23 Apr 2016 02:28:28 +0200	Matthias Klose	8 years ago
603	openjdk-7 (7u101-2.6.6-1) experimental; urgency=medium openjdk-7 (7u101-2.6.6-1) experimental; urgency=medium [ Tiago Stürmer Daitx ] * IcedTea release 2.6.6 (based on 7u101): * Security fixes - S8129952, CVE-2016-0686: Ensure thread consistency - S8132051, CVE-2016-0687: Better byte behavior - S8138593, CVE-2016-0695: Make DSA more fair - S8139008: Better state table management - S8143167, CVE-2016-3425: Better buffering of XML strings - S8144430, CVE-2016-3427: Improve JMX connections - S8146494: Better ligature substitution - S8146498: Better device table adjustments * debian/patches/jdk-8152335-improve-methodhandle-consistency.patch: removed, fix is upstream since 2.6.5 [ Matthias Klose ] * Fix handling of /usr/lib/jvm/*/jre/lib/zi if internal tzdata is used (Andreas Beckmann). Closes: #821858. -- Matthias Klose <doko@ubuntu.com> Fri, 22 Apr 2016 21:14:22 +0200	Matthias Klose	8 years ago
602	openjdk-7 (7u95-2.6.4-3) experimental; urgency=medium openjdk-7 (7u95-2.6.4-3) experimental; urgency=medium [ Tiago Stürmer Daitx ] * SECURITY UPDATE: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. - d/p/jdk-8152335-improve-methodhandle-consistency.patch: S8152335, CVE-2016-0636: Improve MethodHandle consistency [ Matthias Klose ] * Use internal tzdata for builds in stretch, unstable, experimental. Closes: #818308. -- Matthias Klose <doko@ubuntu.com> Thu, 24 Mar 2016 15:24:32 +0100 openjdk-7 (7u95-2.6.4-2) experimental; urgency=medium * Upload to experimental. -- Matthias Klose <doko@ubuntu.com> Fri, 05 Feb 2016 17:51:20 +0100 openjdk-7 (7u95-2.6.4-1) unstable; urgency=high [ Tiago Stürmer Daitx ] * IcedTea release 2.6.4 (based on 7u95): * Security fixes - S8059054, CVE-2016-0402: Better URL processing - S8130710, CVE-2016-0448: Better attributes processing - S8132210: Reinforce JMX collector internals - S8132988: Better printing dialogues - S8133962, CVE-2016-0466: More general limits - S8137060: JMX memory management improvements - S8139012: Better font substitutions - S8139017, CVE-2016-0483: More stable image decoding - S8140543, CVE-2016-0494: Arrange font actions - S8143185: Cleanup for handling proxies - S8143941, CVE-2015-8126, CVE-2015-8472: Update splashscreen displays - S8144773, CVE-2015-7575: Further reduce use of MD5 (SLOTH) * debian/patches/it-debian-build-flags.diff: refreshed * debian/patches/it-set-compiler.diff: refreshed * debian/patches/it-use-quilt.diff: refreshed * debian/patches/it-jamvm-2.0.diff: refreshed * debian/patches/icedtea-pretend-memory.diff: refreshed * debian/patches/fix_extra_flags-default.diff: refreshed * debian/patches/zero-sparc.diff: refreshed [ Matthias Klose ] * Remove obsolete IcedTea configure options. * Fix build failure on squeeze (Thorsten Glaser). Closes: #809205. * Don't run the test on mips, still having stone age buildd hardware and empty promises to fix these issues since 2010. -- Matthias Klose <doko@ubuntu.com> Thu, 21 Jan 2016 13:17:54 +0100	Matthias Klose	8 years ago
601	openjdk-7 (7u91-2.6.3-3) unstable; urgency=medium openjdk-7 (7u91-2.6.3-3) unstable; urgency=medium * Fix stripping packages (use bash instead of expr substring). * openjdk-jre-headless: Add dependency on the package containing the mountpoint binary. Closes: #803717. * openjdk-7-jdk: Fix typo in sdk provides. Closes: #803150. * Build using giflib 5. -- Matthias Klose <doko@ubuntu.com> Mon, 30 Nov 2015 06:27:48 +0100	Matthias Klose	9 years ago
600	* Fix stripping packages (use bash instead of expr substring... * Fix stripping packages (use bash instead of expr substring).	Matthias Klose	9 years ago
599	openjdk-7 (7u91-2.6.3-2) unstable; urgency=medium openjdk-7 (7u91-2.6.3-2) unstable; urgency=medium * Enable sparc64 for hotspot (John Paul Adrian Glaubitz). * Add debian/patches/sparc-libproc-fix.diff to include missing headers on sparc64 (David Matthew Mattli). Closes: #805846. -- Matthias Klose <doko@ubuntu.com> Wed, 25 Nov 2015 23:38:54 +0100 openjdk-7 (7u91-2.6.3-1) unstable; urgency=medium [ Tiago Stürmer Daitx ] * Icedtea release 2.6.3 (based on 7u91): * Security fixes - S8142882, CVE-2015-4871: rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed -- Matthias Klose <doko@ubuntu.com> Thu, 19 Nov 2015 01:27:25 +0100	Matthias Klose	9 years ago
598	openjdk-7 (7u91-2.6.2-1) unstable; urgency=medium openjdk-7 (7u91-2.6.2-1) unstable; urgency=medium [ Tiago Stürmer Daitx ] * IcedTea release 2.6.2 (based on 7u91): * Security fixes - S8048030, CVE-2015-4734: Expectations should be consistent - S8068842, CVE-2015-4803: Better JAXP data handling - S8076339, CVE-2015-4903: Better handling of remote object invocation - S8076383, CVE-2015-4835: Better CORBA exception handling - S8076387, CVE-2015-4882: Better CORBA value handling - S8076392, CVE-2015-4881: Improve IIOPInputStream consistency - S8076413, CVE-2015-4883: Better JRMP message handling - S8078427, CVE-2015-4842: More supportive home environment - S8078440: Safer managed types - S8080541: More direct property handling - S8080688, CVE-2015-4860: Service for DGC services - S8081760: Better group dynamics - S8086092, CVE-2015-4840: More palette improvements - S8086733, CVE-2015-4893: Improve namespace handling - S8087350: Improve array conversions - S8103671, CVE-2015-4805: More objective stream classes - S8103675: Better Binary searches - S8130078, CVE-2015-4911: Document better processing - S8130193, CVE-2015-4806: Improve HTTP connections - S8130864: Better server identity handling - S8130891, CVE-2015-4843: (bf) More direct buffering - S8131291, CVE-2015-4872: Perfect parameter patterning - S8132042, CVE-2015-4844: Preserve layout presentation * d/patches/it-debian-build-flags.diff: refreshed * d/patches/it-set-compiler.diff: refreshed * d/patches/it-use-quilt.diff: refreshed and updated * d/patches/it-jamvm-2.0.diff: refreshed * d/patches/xrender: removed as it was applied upstream -- Matthias Klose <doko@ubuntu.com> Sun, 25 Oct 2015 22:30:06 +0100	Matthias Klose	9 years ago
597	openjdk-7 (7u85-2.6.1-6) unstable; urgency=high openjdk-7 (7u85-2.6.1-6) unstable; urgency=high [ Tiago Stürmer Daitx ] * Security fixes - S8048030, CVE-2015-4734: Expectations should be consistent - S8068842, CVE-2015-4803: Better JAXP data handling - S8076339, CVE-2015-4903: Better handling of remote object invocation - S8076383, CVE-2015-4835: Better CORBA exception handling - S8076387, CVE-2015-4882: Better CORBA value handling - S8076392, CVE-2015-4881: Improve IIOPInputStream consistency - S8076413, CVE-2015-4883: Better JRMP message handling - S8078427, CVE-2015-4842: More supportive home environment - S8078440: Safer managed types - S8080541: More direct property handling - S8080688, CVE-2015-4860: Service for DGC services - S8081744, CVE-2015-4868: Clear out list corner case - S8081760: Better group dynamics - S8086092. CVE-2015-4840: More palette improvements - S8086733, CVE-2015-4893: Improve namespace handling - S8087350: Improve array conversions - S8103671, CVE-2015-4805: More objective stream classes - S8103675: Better Binary searches - S8129611: Accessbridge error handling improvement - S8130078, CVE-2015-4911: Document better processing - S8130185: More accessible access switch - S8130193, CVE-2015-4806: Improve HTTP connections - S8130864: Better server identity handling - S8130891, CVE-2015-4843: (bf) More direct buffering - S8131291, CVE-2015-4872: Perfect parameter patterning - S8132042, CVE-2015-4844: Preserve layout presentation * S6966259: Make PrincipalName and Realm immutable, required for S8048030 * S8078822: 8068842 fix missed one new file PrimeNumberSequenceGenerator.java [ Matthias Klose ] * Re-enable the atk bridge for releases with a fixed atk bridge. Again closes: #797595. -- Matthias Klose <doko@ubuntu.com> Thu, 22 Oct 2015 00:42:34 +0200	Matthias Klose	9 years ago
596	* IcedTea7 2.6.1 release (based on OpenJDK 7u85). * IcedTea7 2.6.1 release (based on OpenJDK 7u85).	Matthias Klose	9 years ago
595	* Make derivatives builds the same as the parent distro. Clo... * Make derivatives builds the same as the parent distro. Closes: #797662.	Matthias Klose	9 years ago
594	* Re-enable the atk bridge for releases with a fixed atk bri... * Re-enable the atk bridge for releases with a fixed atk bridge. Closes: #797595.	Matthias Klose	9 years ago
593	* Sort the enums and the annotations in the package-tree.htm... * Sort the enums and the annotations in the package-tree.html files (Emmanuel Bourg). Closes: #787159.	Matthias Klose	9 years ago

Older »