~openjdk/openjdk/openjdk7 : changes

~openjdk/openjdk/openjdk7 » Changes from revision 626

From Revision 624 to 605

Rev	Summary	Authors	Date
624	openjdk-7 (7u181-2.6.14-2) experimental; urgency=medium openjdk-7 (7u181-2.6.14-2) experimental; urgency=medium * Apply 7u191-b01 and 7u201-b00 security patches. * Security fixes: - CVE-2018-3136, S8194534: Manifest better support. - CVE-2018-3139, S8196902: Better HTTP redirection support. - CVE-2018-3149, S8199177: Enhance JNDI lookups. - CVE-2018-3169, S8199226: Improve field accesses. - CVE-2018-3180, S8202613: Improve TLS connections stability. - CVE-2018-2938, S8197871: Support Derby connections. - CVE-2018-2952, S8199547: Exception to Pattern Syntax. - S8191239: Improve desktop file usage. - S8193419: Better Internet address support. - S8197925: Better stack walking. - S8200666: Improve LDAP support. * debian/patches/hotspot-disable-exec-shield-workaround.patch: removed, upstream fixed i386 stack guard support in S8197429 (hotspot's mercurial commit 6636:d673ec579604). * debian/patches/jdk-freetypeScaler-crash.diff: removed, it caused a memory leak and has been fixed upstream already, albeit in a different way. Closes: #910672. * debian/patches/jdk-8132985-backport-double-free.patch, debian/patches/jdk-8139803-backport-warning.patch: fix crash in freetypescaler due to double free, thanks to Heikki Aitakangas for the report and patches. (Closes: #911847) * debian/rules: run only the hotspot testsuite for jamvm and zero alternative vms to make build faster. -- Tiago Stürmer Daitx <tiago.daitx@ubuntu.com> Thu, 11 Oct 2018 01:47:12 +0000	Matthias Klose	5 years ago
623	check in delta for the 7u181-2.6.14-1 upload check in delta for the 7u181-2.6.14-1 upload	Matthias Klose	5 years ago
622	openjdk-7 (7u171-2.6.13-1) experimental; urgency=high openjdk-7 (7u171-2.6.13-1) experimental; urgency=high [ Tiago Stürmer Daitx ] * IcedTea release 2.6.13 (based on 7u171). Closes: #891330. * Security fixes: - S8160104: CORBA communication improvements - S8172525, CVE-2018-2579: Improve key keying case - S8174756: Extra validation for public keys - S8175932: Improve host instance supports - S8176458: Revise default document styling - S8178449, CVE-2018-2588: Improve LDAP logins - S8178458: Better use of certificates in LDAP - S8178466: Better RSA parameters - S8179536: Cleaner print job handling - S8179990: Cleaner palette entry handling - S8180011: Cleaner native graphics device handling - S8180015: Cleaner AWT robot handling - S8180020: Improve SymbolHashMap entry handling - S8180433: Cleaner CLR invocation handling - S8180877: More deeply colored ICC spaces - S8181664: Improve JVM UTF String handling - S8181670: Improve implementation of keystores - S8182125, CVE-2018-2599: Improve reliability of DNS lookups - S8182387, CVE-2018-2603: Improve PKCS usage - S8182601, CVE-2018-2602: Improve usage messages - S8185292, CVE-2018-2618: Stricter key generation - S8185325, CVE-2018-2641: Improve GTK initialization - S8186080: Transform XML interfaces - S8186212, CVE-2018-2629: Improve GSS handling - S8186600, CVE-2018-2634: Improve property negotiations - S8186606, CVE-2018-2633: Improve LDAP lookup robustness - S8186867: Improve native glyph layouts - S8186998, CVE-2018-2637: Improve JMX supportive features - S8189284, CVE-2018-2663: More refactoring for deserialization cases - S8190289, CVE-2018-2677: More refactoring for client deserialization cases - S8191142, CVE-2018-2678: More refactoring for naming deserialization cases * Remove multiarch-support pre-dependency. Closes: #887858. [ Matthias Klose ] * Bump standards version. * Disable bootstrap on sid/buster, gcj is removed. * Remove Damien Raude-Morvan as uploader. Closes: #889378. -- Matthias Klose <doko@ubuntu.com> Mon, 02 Apr 2018 10:36:32 +0200	Matthias Klose	6 years ago
621	7u161-2.6.12-1 upload 7u161-2.6.12-1 upload	Matthias Klose	6 years ago
620	* Build-depend on g++-4.7 on wheezy. This is the default on ... * Build-depend on g++-4.7 on wheezy. This is the default on some architectures such as amd64 or i386, but not on armhf or armel, which default to 4.6. There the build was working before because the bootstrap build pulled gcj-jdk, which depends on gcj-4.7-jdk and that in turn depends on g++-4.7. However since we have disabled the bootstrap build now, g++-4.7 is no longer installed on arm* builds, causing the build failure which couldn't be seen on amd64 (Emilio Pozuelo Monfort).	Matthias Klose	7 years ago
619	* Disable Hotspot workaround for Exec Shield (Debian only). * Disable Hotspot workaround for Exec Shield (Debian only). Addresses: #876051.	Matthias Klose	7 years ago
618	openjdk-7 (7u151-2.6.11-3) experimental; urgency=medium openjdk-7 (7u151-2.6.11-3) experimental; urgency=medium [ Matthias Klose ] * Disable bootstrap on wheezy, it currently fails due to the last round of 8u151 security patches (Emilio Pozuelo Monfort). [ Tiago Stürmer Daitx ] * debian/patches/hotspot-aarch64-S8145438-fix-field-too-big-for-insn.patch: the S8144028 fix was incomplete and followed up by S8145438; without it aarch64 JVM can fail with "Internal Error, failed: Field too big for insn". -- Matthias Klose <doko@ubuntu.com> Thu, 23 Nov 2017 16:37:21 +0100	Matthias Klose	7 years ago
617	- 7u151-2.6.11-2 upload - 7u151-2.6.11-2 upload	Matthias Klose	7 years ago
616	- 7u151-2.6.11 upload - 7u151-2.6.11 upload	Matthias Klose	7 years ago
615	openjdk-7 (7u131-2.6.9-3) experimental; urgency=medium openjdk-7 (7u131-2.6.9-3) experimental; urgency=medium * Only include the failing tests in the packages, not the whole test world. * openjdk-7-jdk: Provide openjdk-7-jdk-headless. -- Matthias Klose <doko@ubuntu.com> Sat, 20 May 2017 15:52:17 -0700	Matthias Klose	7 years ago
614	openjdk-7 (7u131-2.6.9-2) experimental; urgency=high openjdk-7 (7u131-2.6.9-2) experimental; urgency=high [ Tiago Stürmer Daitx ] * Fix JDK regression introduced by 7u131 upgrade: (LP: #1691126) - d/p/jdk-S8173783-fix-illegalargumentexception-regression.patch: fix "IllegalArgumentException: jdk.tls.namedGroups" backported from http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/f5d0aadb4d1c -- Matthias Klose <doko@ubuntu.com> Tue, 16 May 2017 21:42:12 -0700	Matthias Klose	7 years ago
613	openjdk-7 (7u131-2.6.9-1) experimental; urgency=high openjdk-7 (7u131-2.6.9-1) experimental; urgency=high [ Tiago Stürmer Daitx ] * IcedTea release 2.6.9 (based on 7u131): * Security fixes - S8167110, CVE-2017-3514: Windows peering issue. - S8163528, CVE-2017-3511: Better library loading. - S8169011, CVE-2017-3526: Resizing XML parse trees. - S8163520, CVE-2017-3509: Reuse cache entries. - S8171533, CVE-2017-3544: Better email transfer. - S8170222, CVE-2017-3533: Better transfers of files. - S8171121, CVE-2017-3539: Enhancing jar checking. - S8172299: Improve class processing. * debian/compat: updated from 5 to 9. * debian/watch: using watch version 4 to download both icedtea and icedtea-sound. LP: #1642420. * debian/repack: simplified tarball download. * debian/rules: - removed 8u121 patches as they have been applied to 7u131. - building icedtea-sound on build/ directory - replaced 'dh_strip -k' calls by dh_prep - have the 'build' rule depend on 'debian/control' rule to force failure if debian/control gets regenerated. - added file 'security/blacklisted.cert' to be copied to etc dir (introduced by S8011402). - simplified build dependencies. - removed jtreg's xvfb-run call since icedtea takes care of calling it. - removed window manager as there are no additional significant failures on the jdk tests when not running one. - re-enabled jdk jtreg tests. - removed lpia arch. - use fonts-wqy-microhei and fonts-wqy-zenhei instead of transitional package names. - drop Recommends on obsolete GNOME libraries so they are not in a default GNOME desktop installation (Simon McVittie). Closes: #850270. + sun.net.spi.DefaultProxySelector prefers libglib2.0-0 (>= 2.24) over obsolete libgconf2-4. + sun.nio.fs.GnomeFileTypeDetector prefers libglib2.0-0 (>= 2.24) over libgnomevfs-2-0. + sun.xawt.awt_Desktop prefers libgtk2.0-0 (>= 2.14) over libgnomevfs2-0. * debian/control.in: added static build dependencies as their previous selection logic in debian/rules is no longer required. * debian/control: regenerated. * debian/patches/icedtea-sound.diff: removed, now packing icedtea-sound 1.0.1 which includes those fixes. * debian/upstream/signing-key.asc: add new signing key. [ Matthias Klose ] * Remove obsolete changelog entries from previous release. -- Matthias Klose <doko@ubuntu.com> Tue, 16 May 2017 13:49:35 -0700	Matthias Klose	7 years ago
612	* Remove obsolete changelog entries from previous release. * Remove obsolete changelog entries from previous release.	Matthias Klose	7 years ago
611	* Remove obsolete changelog entries from previous release. * Remove obsolete changelog entries from previous release.	Matthias Klose	7 years ago
610	openjdk-7 (7u121-2.6.8-2) experimental; urgency=high openjdk-7 (7u121-2.6.8-2) experimental; urgency=high [ Tiago Stürmer Daitx ] * Security fixes from 8u121: - S8167104, CVE-2017-3289: Custom class constructor code can bypass the required call to super.init allowing for uninitialized objects to be created. - S8164143, CVE-2017-3260: It is possible to corrupt memory by calling dispose() on a CMenuComponentmultiple times. - S8168714, CVE-2016-5546: ECDSA will accept signatures that have various extraneous bytes added to them whereas the signature is supposed to be unique. - S8166988, CVE-2017-3253: The PNG specification allows the [iz}Txt sections to be 2^32-1 bytes long so these should not be uncompressed unless the user explicitly requests it. - S8168728, CVE-2016-5548: DSA signing exhibits a timing bias that may leak information about k. - S8161743, CVE-2017-3252: LdapLoginModule incorrectly tries to deserialize responses from an LDAP server when an LDAP context is expected. - S8167223, CVE-2016-5552: Parsing of URLs can be inconsistent with how users or external applications would interpret them leading to possible security issues. - S8168705, CVE-2016-5547: A value from an InputStream is read directly into the size argument of a new byte[] without validation. - S8164147, CVE-2017-3261: An integer overflow exists in SocketOutputStream which can lead to memorydisclosure. - S8151934, CVE-2017-3231: Under some circumstances URLClassLoader will dispatch HTTP GET requests where the invoker does not have permission. - S8165071, CVE-2016-2183: 3DES can be exploited for block collisions when long running sessions are allowed. * Missing - S8165344, CVE-2017-3272: A protected field can be leveraged into type confusion. - S8156802, CVE-2017-3241: RMI deserialization should limit the types deserialized to prevent attacks that could escape the sandbox. * Ignored - S8168724, CVE-2016-5549: ECDSA signing exhibits a timing bias that may leak information about k. -- Matthias Klose <doko@ubuntu.com> Tue, 07 Feb 2017 11:09:39 +0100	Matthias Klose	7 years ago
609	openjdk-7 (7u121-2.6.8-1) experimental; urgency=medium openjdk-7 (7u121-2.6.8-1) experimental; urgency=medium * IcedTea release 2.6.8 (based on 7u121): -- Matthias Klose <doko@ubuntu.com> Mon, 14 Nov 2016 13:38:40 +0100	Matthias Klose	8 years ago
608	- upload 7u111-2.6.7-3 - upload 7u111-2.6.7-3	Matthias Klose	8 years ago
607	[ Tiago Stürmer Daitx ] [ Tiago Stürmer Daitx ] * Don't use precompiled header files on arm64. * Update the sec-webrev-8u111-S8159503.hotspot patch.	Matthias Klose	8 years ago
606	[ Tiago Stürmer Daitx ] [ Tiago Stürmer Daitx ] * Backported security fixes from 8u111: - CVE-2016-5568, S8158993: Service Menu services. - CVE-2016-5582, S8160591: Improve internal array handling. - CVE-2016-5573, S8159519: Reformat JDWP messages. - CVE-2016-5597, S8160838: Better HTTP service. - CVE-2016-5554, S8157739: Classloader Consistency Checking. - CVE-2016-5542, S8155973: Tighten jar checks. * debian/rules: - removed lcms version 1 option as no current release uses that, lcms2 is now default. - removed in-tree/system lcms selection to always use system's lcms. - removed all cacao references except for the transitional cacao package. - updated jtreg tests to use othervm. - simplified rhino and libcups dependency selection. * debian/buildwatch.sh: updated to stop it if no 'make' process is running, as it probably means that the build failed - otherwise buildwatch keeps the builder alive until it exits after the timer (3 hours by default) expires. * debian/control.in: removed cacao references. * debian/README.source: removed cacao references. * debian/patches/cacao-armv4.diff: deleted file. * Makefile.am: remove -samevm * debian/patches/it-jamvm-8158260-unsafe-methods.patch: fix JAMVM after the introduction of two new Unsafe methods in the OpenJDK hotspot. Closes: #833933. (LP: #1611598)	Matthias Klose	8 years ago
605	- check-in remaining changes for 7u111-2.6.7-1 upload - check-in remaining changes for 7u111-2.6.7-1 upload	Matthias Klose	8 years ago

Older »