* Build without atk-wrapper on i386 in focal.
* Update to OpenJDK 8u252-b09 (GA). Updated aarch32 to 8u252-b08 (no
hotspot changes between b08 and b09).
* Security fixes
- JDK-8223898, CVE-2020-2754: Forward references to Nashorn
- JDK-8223904, CVE-2020-2755: Improve Nashorn matching
- JDK-8224541, CVE-2020-2756: Better mapping of serial ENUMs
- JDK-8224549, CVE-2020-2757: Less Blocking Array Queues
- JDK-8225603: Enhancement for big integers
- JDK-8227542: Manifest improved jar headers
- JDK-8231415, CVE-2020-2773: Better signatures in XML
- JDK-8233250: Better X11 rendering
- JDK-8233410: Better Build Scripting
- JDK-8234027: Better JCEKS key support
- JDK-8234408, CVE-2020-2781: Improve TLS session handling
- JDK-8234825, CVE-2020-2800: Better Headings for HTTP Servers
- JDK-8234841, CVE-2020-2803: Enhance buffering of byte buffers
- JDK-8235274, CVE-2020-2805: Enhance typing of methods
- JDK-8236201, CVE-2020-2830: Better Scanner conversions
- JDK-8238960: linux-i586 builds are inconsistent as the newly build
jdk is not able to reserve enough space for object heap
* Other changes
- JDK-8005819: Support cross-realm MSSFU
- JDK-8022263: use same Clang warnings on BSD as on Linux
- JDK-8038631: Create wrapper for awt.Robot with additional functionality
- JDK-8047212: runtime/ParallelClassLoading/bootstrap/random/inner-complex
assert(ObjectSynchronizer::verify_objmon_isinpool(inf)) failed: monitor
is invalid
- JDK-8055283: Expand ResourceHashtable with C_HEAP allocation, removal and
some unit tests
- JDK-8068184: Fix for JDK-8032832 caused a deadlock
- JDK-8079693: Add support for ECDSA P-384 and P-521 curves to XML Signature
- JDK-8132130: some docs cleanup
- JDK-8135318: CMS wrong max_eden_size for check_gc_overhead_limit
- JDK-8144445: Maximum size checking in Marlin ArrayCache utility methods
is not optimal
- JDK-8144446: Automate the Marlin crash test
- JDK-8144526: Remove Marlin logging use of deleted internal API
- JDK-8144630: Use PrivilegedAction to create Thread in Marlin RendererStats
- JDK-8144654: Improve Marlin logging
- JDK-8144718: Pisces / Marlin Strokers may generate invalid curves with
huge coordinates and round joins
- JDK-8166976: TestCipherPBECons has wrong @run line
- JDK-8167409: Invalid value passed to critical JNI function
- JDK-8181872: C1: possible overflow when strength reducing integer multiply
by constant
- JDK-8187078: -XX:+VerifyOops finds numerous problems when running JPRT
- JDK-8191227: issues with unsafe handle resolution
- JDK-8197441: Signature#initSign/initVerify for an invalid
private/public key fails with ClassCastException for SunPKCS11 provider
- JDK-8204152: SignedObject throws NullPointerException for null keys with
an initialized Signature object
- JDK-8215756: Memory leaks in the AWT on macOS
- JDK-8216472: (se) Stack overflow during selection operation leads to crash
- JDK-8219244: NMT: Change ThreadSafepointState's allocation type from
mtInternal to mtThread
- JDK-8219597: (bf) Heap buffer state changes could provoke unexpected
exceptions
- JDK-8225128: Add exception for expiring DocuSign root to VerifyCACerts
test
- JDK-8225130: Add exception for expiring Comodo roots to VerifyCACerts test
- JDK-8229022: BufferedReader performance can be improved by using
StringBuilder
- JDK-8229345: Memory leak due to vtable stubs not being shared on SPARC
- JDK-8229872: (fs) Increase buffer size used with getmntent
- JDK-8230235: Rendering HTML with empty img attribute and documentBaseKey
cause Exception
- JDK-8231430: C2: Memory stomp in max_array_length() for T_ILLEGAL type
- JDK-8235744: PIT:
test/jdk/javax/swing/text/html/TestJLabelWithHTMLText.java times out in
linux-x64
- JDK-8235904: Infinite loop when rendering huge lines
- JDK-8236179: C1 register allocation error with T_ADDRESS
- JDK-8237368: Problem with NullPointerException in RMI TCPEndpoint.read
- JDK-8240521: Revert backport of 8231584: Deadlock with
ClassLoader.findLibrary and System.loadLibrary call
- JDK-8241296: Segfault in JNIHandleBlock::oops_do()
- JDK-8241307: Marlin renderer should not be the default in 8u252
* Build using GCC 9 in unstable. Closes: #944184.
* Update to 8u252-b07 (early access build).
* Update ARM32 and AArch64 hotspot to 8u252-b06.
* Build using GCC 9 in recent releases.
* Merge changes from 8u242-b08-0ubuntu3 back into Debian
* Fix nocheck profile (no profile support) for wheezy
* Version !nocheck default-jre-headless build dependency
to ensure at least Java 8 there as well; avoids needing to
install two JREs when building in pre-{stretch,xenial}
* Update aarch64 to GA jdk8u242-b08, aarch32 to jdk8u242-ga
* Bump Policy
* OpenJDK 8u242-b08 build (release).
- S8226352, CVE-2020-2590: Improve Kerberos interop capabilities
- S8228548, CVE-2020-2593: Normalize normalization for all
- S8224909, CVE-2020-2583: Unlink Set of LinkedHashSets
- S8229951, CVE-2020-2601: Better Ticket Granting Services
- S8231422, CVE-2020-2604: Better serial filter handling
- S8231795, CVE-2020-2659: Enhance datagram socket support
- S8234037, CVE-2020-2654: Improve Object Identifier Processing
- S8037550: Update RFC references in javadoc to RFC 5280
- S8039438: Some tests depend on internal API sun.misc.IOUtils
- S8044500: Add kinit options and krb5.conf flags that allow users
to obtain renewable tickets and specify ticket lifetimes
- S8058290: JAAS Krb5LoginModule has suspect ticket-renewal logic,
relies on clockskew grace
- S8080835: Add blocking bulk read to sun.misc.IOUtils
- S8138978: Examine usages of sun.misc.IOUtils
- S8139206: Add InputStream readNBytes(int len)
- S8183591: Incorrect behavior when reading DER value with
Integer.MAX_VALUE length
- S8186576: KerberosTicket does not properly handle renewable
tickets at the end of their lifetime
- S8186831: Kerberos ignores PA-DATA with a non-null s2kparams
- S8186884: Test native KDC, Java krb5 lib, and native krb5 lib in
one test
- S8193832: Performance of InputStream.readAllBytes() could be improved
- S8196956: (ch) More channels cleanup
- S8201627: Kerberos sequence number issues
- S8215032: Support Kerberos cross-realm referrals (RFC 6806)
- S8225261: Better method resolutions
- S8225279: Better XRender interpolation
- S8226719: Kerberos login to Windows 2000 failed with "Inappropriate
type of checksum in message"
- S8227061: KDC.java test behaves incorrectly when AS-REQ contains a
PAData not PA-ENC-TS-ENC
- S8227381: GSS login fails with PREAUTH_FAILED
- S8227437: S4U2proxy cannot continue because server's TGT cannot be found
- S8227758: More valid PKIX processing
- S8227816: More Colorful ICC profiles
- S8230279: Improve Pack200 file reading
- S8230318: Better trust store usage
- S8230967: Improve Registry support of clients
- S8231129: More glyph images
- S8231139: Improved keystore support
- S8232381: add result NULL-checking to freetypeScaler.c
- S8232419: Improve Registry registration
- S8233944: Make KerberosPrincipal.KRB_NT_ENTERPRISE field package private
- S8235909: File.exists throws AccessControlException for invalid
paths when a SecurityManager is installed
- S8236983: [TESTBUG] Remove pointless catch block in
test/jdk/sun/security/util/DerValue/BadValue.java
- S8236984: Add compatibility wrapper for IOUtils.readFully
* Use the hotspot arch list to select between hotspot and zero as
the default VM for autopkgtests. This fixes s390x (zero based)
autopkgtest support.
* Update to 8u242-b04 (early access build).
* Update to OpenJDK 8u232-b09 (GA). Updated aarch32 to 8u232-b09.
* Security fixes:
- S8167646: Better invalid FilePermission.
- S8213429, CVE-2019-2933: Windows file handling redux.
- S8218573, CVE-2019-2945: Better socket support.
- S8218877: Help transform transformers.
- S8220186: Improve use of font temporary files.
- S8220302, CVE-2019-2949: Better Kerberos ccache handling.
- S8221497: Optional Panes in Swing.
- S8221858, CVE-2019-2958: Build Better Processes.
- S8222684, CVE-2019-2964: Better support for patterns.
- S8222690, CVE-2019-2962: Better Glyph Images.
- S8223163: Better pattern recognition.
- S8223505, CVE-2019-2973: Better pattern compilation.
- S8223518, CVE-2019-2975: Unexpected exception in jjs.
- S8223892, CVE-2019-2978: Improved handling of jar files.
- S8224025: Fix for JDK-8220302 is not complete.
- S8224532, CVE-2019-2981: Better Path supports.
- S8224915, CVE-2019-2983: Better serial attributes.
- S8225286, CVE-2019-2987: Better rendering of native glyphs.
- S8225292, CVE-2019-2988: Better Graphics2D drawing.
- S8225298, CVE-2019-2989: Improve TLS connection support.
- S8225597, CVE-2019-2992: Enhance font glyph mapping.
- S8226765, CVE-2019-2999: Commentary on Javadoc comments.
- S8227129: Better ligature for subtables.
- S8227601: Better collection of references.
- S8228825, CVE-2019-2894: Enhance ECDSA operations.
* Update to 8u232-b07 (early access build).
[ Matthias Klose ]
* Refresh patches.
* openjdk-8-jdk-headless: Add Breaks/Replaces for moved clhsdb binary.
LP: #1845873.
* debian/tests/control: Depend on g++ instead of build-essential or libc6-dev.
* Bump standards vesion.
[ Tiago Stürmer Daitx ]
* Improve and fix build tests and autopkgtests:
- Update debian/tests/hotspot,jdk,langtools to ignore
jtreg-autopkgtest.sh return code.
- Create debian/tests/jtdiff-autopkgtest.in as it depends
on debian/rules variables.
- debian/control.in, debian/control: add default-jre-headless
to Build-Depends with a nocheck clause as jtreg requires
a JRE in /usr/lib/jvm/default-java.
- debian/tests/control:
+ Add zip and unzip test dependencies required by jdk's
test/sun/security/tools/jarsigner/diffend.sh and
test/sun/security/tools/jarsigner/emptymanifest.sh.
+ Depend on default-jre-headless so jtreg will use the
JRE from /usr/lib/jvm/default-java.
- debian/tests/jtdiff-autopkgtest.sh:
+ Fail only if an actual regression is detected.
+ Add the super-diff comparison from jtdiff.
+ Save failed jtr files for all runs.
- debian/tests/jtreg-autopkgtest.sh:
+ Enable retry of failed tests to trim out flaky tests.
+ Fix unbound variable.
+ Keep .jtr files from failed tests only.
- debian/patches/jdk-problem-list.diff: ignore failing tests
that require more investigation.
- debian/rules:
+ Preserve all JTreport directories in the test output
directory.
+ Use JDK_DIR instead of JDK_TO_TEST for autopkgtest
generation.
+ Package all .jtr files from JTwork as jtreg-autopkgtest.sh
makes sure it contains only failed tests.
* debian/tests/jdk: add our custom debian/tests/jdk-problem-list.txt to the
exclusion list.
* debian/tests/jdk-problem-list.txt: custom exclusion rules for jdk tests
that fail to run during a build or autopkgtest run.
* debian/rules: remove debian/patches/jdk-problem-list.diff.
* debian/patches/jdk-problem-list.diff: jtreg allows for extra exclusion
files thus there's no need to patch upstream's exclusion list.
* debian/tests/control: mark all autopkgtests as flaky.
* debian/tests/hotspot-archs: generated by debian/rules, contains a list of
archs that supports a hotspot vm.
* debian/tests/jdk: run only when the host arch is a hotspot vm - allow
override through an environment variable.
* debian/rules: update gen-autopkgtests to echo supported hotspot archs.
* Update to 8u232-b04 (early access build).
* Refresh patches.
* Update to 8u222-b10 (except for AArch32, updated to b08).
- Security fixes:
- S8191073: JpegImageReader throws IndexOutOfBoundsException when
trying to read image data from tables-only image.
- S8208698, CVE-2019-2745: Improved ECC Implementation.
- S8212328, CVE-2019-2762: Exceptional throw cases.
- S8213431, CVE-2019-2766: Improve file protocol handling.
- S8213432, CVE-2019-2769: Better copies of CopiesList.
- S8216381, CVE-2019-2786: More limited privilege usage.
- S8217563: Improve realm maintenance.
- S8218863: Better endpoint checks.
- S8218873: Improve JSSE endpoint checking.
- S8218876, CVE-2019-7317: Improve PNG support options.
- S8219018: Adjust positions of glyphs.
- S8219020: Table alternate substitutions.
- S8219775: Certificate validation improvements.
- S8220192: Better outlook for SecureRandom.
- S8220517: Enhanced GIF support.
- S8221518, CVE-2019-2816: Normalize normalization.
- S8223511, CVE-2019-2842: Extended AES support.
[ Matthias Klose ]
* Bump standards version.
[ Tiago Stürmer Daitx ]
* Backport fix for S8223511 for AArch32.
* Upload to unstable.
* Remove AArch32 patches, applied upstream.
* Fix build dependencies for Ubuntu precise builds.
* Update to 8u222-b07.
[ Matthias Klose ]
* Update to 8u222-b05 (except for AArch32).
* Apply suggested hotspot fixes for AArch32.
* Re-enable running the testsuite.
[ Tiago Stürmer Daitx ]
* Find any hs_err_pid files generated during the build and send to stdout.
* Update ARM32 to jdk8u222-b04-aarch32-190603.
* Regenerate the ppc64el patch.
* Remove unused patches ppc64le-8036767 and zero-opt.
* Update to 8u222-b04.
* Update ARM32 to jdk8u212-b04-aarch32-190430.
* Fix 32bit zero builds.
* Use -a instead of -s for debhelper tools.
* Don't apply the 8221355 fix for ARM builds.
* Don't configure --with-vendor-name on stable releases.
* Fix the jpeg runtime dependency for the build in unstable.
[ Matthias Klose ]
* Configure --with-vendor-name.
* 8221355: Fix performance regression after JDK-8155635 backport into 8u.
[ Tiago Stürmer Daitx ]
* Update to 8u212-b03. LP: #1826001.
* Security fixes:
- S8211936, CVE-2019-2602: Better String parsing.
- S8218453, CVE-2019-2684: More dynamic RMI interactions.
- S8219066, CVE-2019-2698: Fuzzing TrueType fonts: setCurrGlyphID().
* Revert to GTK2 as default since GTK3 still has padding and component
issues:
- debian/rules: always Build-Depends on libgtk2.0-dev and Depends on
libgtk2.0-0 instead of relying on gtk3 for some releases.
* debian/control: add missing dependency on testng (required by the
testsuites).
[ Andrej Shadura ]
* debian/rules: check for nodoc instead of nodocs in DEB_BUILD_OPTIONS.
Closes: 922757.
[ Matthias Klose ]
* debian/rules, debian/tests/jtdiff-autopkgtest.sh,
debian/tests/jtreg-autopkgtest.in, debian/tests/jtreg-autopkgtest.sh:
only set the JDK under test and allow jtreg to use its default JDK
for running the tests.
[ Thorsten Glaser ]
* Improve compatibility with older releases. Closes: #925407.
- debian/rules: determine source date using backwards-compatible
dpkg-parsechangelog call.
- debian/control.in: put @bd_cross@ onto same line as @bd_nss@ as
it can be empty.
* Update to 8u212-b01.
* Enable SA on AArch64.
* Fix the 8u202 merge for aarch32, not using SA.
* Fix builds using the aarch32 hotspot version.
* Update to 8u202-b26.
* Security fixes:
- CVE-2019-2422, S8206290: Better FileChannel transfer performance.
- CVE-2019-2426, S8209094: Improve web server connections.
- S8199156: Better route routing.
- S8199552: Update to build scripts.
- S8200659: Improve BigDecimal support.
- S8203955: Improve robot support.
- S8204895: Better icon support.
- S8205709: Proper allocation handling.
- S8205714: Initial class initialization.
- S8210094: Better loading of classloader classes.
- S8210606: Improved data set handling.
- S8210866: Improve JPEG processing.
[ Tiago Stürmer Daitx ]
* Update DEP8 tests:
- debian/tests/control: updated to allow stderr output and to remove
dpkg-dev dependency.
- debian/tests/jtdiff-autopkgtest.sh: use dpkg --print-architecture
instead of dpkg-architecture; log script name on any output.
- debian/tests/jtreg-autopkgtest.in: use dpkg --print-architecture instead
of dpkg-architecture; do not retain test temporary files; log script
name on any output.
- debian/tests/jtreg-autopkgtest.sh: regenerated.
* Upload to unstable.
* Remove the "Team upload" for the last upload to experimental.
* Update to 8u191-b12. (Closes: #911925, Closes: #912333, LP: #1800792)
* debian/excludelist.jdk.jtx: no longer needed, using ProblemsList.txt
from upstream now.
* debian/excludelist.langtools.jtx: upstream testing does not use any
exclusion list.
* debian/patches/sec-webrev-8u191-b12*: removed, applied upstream.
* debian/patches/jdk-8132985-backport-double-free.patch,
debian/patches/jdk-8139803-backport-warning.patch: fix crash in
freetypescaler due to double free, thanks to Heikki Aitakangas for
the report and patches. (Closes: #911847)
* debian/rules:
- tar and save JTreport directory.
- run the same limited set of tests as upstream does.
- call the same testsuites scripts used for autopkgtest.
- reenable jdk testsuite.
- simplified and moved xvfb logic into check-jdk rule.
- removed jtreg and xvfb build dependency logic and moved the bdeps
into debian/control.in.
- added rules to generate autopkgtest scripts from templates.
* updated dep8 tests:
- debian/test/control: run hotspot, langtools, and jdk testsuites.
- debian/tests/hotspot, debian/tests/jdk, debian/tests/langtools:
add scripts for each testsuite to be run.
- debian/tests/jtreg-autopkgtest.sh: template to generate the jtreg
script used by the autopkgtest tests.
- debian/tests/jtdiff-autopkgtest.sh: used by the scripts to report
any differences between the autopkgtest and the tests results
generated during the openjdk package build.
- debian/tests/jtreg-autopkgtest.sh: used by the scripts to run jtreg
and put the resulting artifacts in the right places.
- debian/tests/valid-tests: removed, no longer needed.
[ Tiago Stürmer Daitx ]
* Apply patches from 8u191-b12 security update.
- CVE-2018-3136, S8194534: Manifest better support.
- CVE-2018-3139, S8196902: Better HTTP Redirection.
- CVE-2018-3149, S8199177: Enhance JNDI lookups.
- CVE-2018-3169, S8199226: Improve field accesses.
- CVE-2018-3180, S8202613: Improve TLS connections stability.
- CVE-2018-3183, S8202936: Improve script engine support.
- CVE-2018-3214, S8205361: Better RIFF reading support.
- CVE-2018-3211: Unspecified vulnerability in the Serviceability component.
- S8195868: Address Internet Addresses.
- S8195874: Improve jar specification adherence.
- S8201756: Improve cipher inputs.
- S8203654: Improve cypher state updates.
- S8204497: Better formatting of decimals.
* debian/patches/jdk-freetypeScaler-crash.diff: removed as this patch causes
a memory leak; upstream fixed it in openjdk-7, albeit in a different way.
Closes: #910672.
[ Matthias Klose ]
* Bump standards version.
* Update to 8u181-b13.
* Remove the mauve test machinery.
* Build using GCC 8 in development releases.
* Update the zero-architectures patch for ia64 (Adrian Glaubitz).
Closes: #897066.
* Fix zero build on ia64 (Adrian Glaubitz). Closes: #897068.
* Refresh patches.
[ Tiago Stürmer Daitx ]
* Update to 8u171-b11. Hotspot 8u162-b12 for aarch32 with 8u171-b10 hotspot
security fixes and 8u171-b10 for aarch64.
- CVE-2018-2790,S8189969: Manifest better manifest entries.
- CVE-2018-2795,S8189977: Improve permission portability.
- CVE-2018-2796,S8189981: Improve queuing portability.
- CVE-2018-2797,S8189985: Improve tabular data portability.
- CVE-2018-2798,S8189989: Improve container portability.
- CVE-2018-2799,S8189993: Improve document portability.
- CVE-2018-2794,S8189997: Enhance keystore mechanisms.
- CVE-2018-2814,S8192025: Less referential references.
- CVE-2018-2815,S8192757: Improve stub classes implementation.
- CVE-2018-2800,S8193833: Better RMI connection support.
- S8169080: Improve documentation examples for crypto applications.
- S8180881: Better packaging of deserialization.
- S8182362: Update CipherOutputStream Usage.
- S8189123: More consistent classloading.
- S8190478: Improved interface method selection.
- S8190877: Better handling of abstract classes.
- S8191696: Better mouse positioning.
- S8192030: Better MTSchema support.
- S8193409: Improve AES supporting classes.
- S8193414: Improvements in MethodType lookups.
* d/p/aarch64-hotspot-8u162-b12.patch: removed, tarball has been updated to
8u171-b10.
* d/p/hotspot-S8185723-zero-ppc32-atomic_copy64-fix.patch,
d/p/hotspot-S8201509-zero-s390x-atomic_copy64-fix.patch: fix ppc32, s390x
javac segmentation fault caused by wrong inline assembler.
[ Matthias Klose ]
* Bump standards version.
[ Tiago Stürmer Daitx ]
* Update to 8u162-b12. Hotspot 8u162-b12 for aarch32 and 8u161-b16
for aarch64 (wth 8u162-b12 patches).
* Security updates:
- CVE-2018-2633,S8186606: Improve LDAP lookup robustness.
- CVE-2018-2637,S8186998: Improve JMX supportive features.
- CVE-2018-2634,S8186600: Improve property negotiations.
- CVE-2018-2582,S8174962: Better interface invocations.
- CVE-2018-2641,S8185325: Improve GTK initialization.
- CVE-2018-2618,S8185292: Stricter key generation.
- CVE-2018-2629,S8186212: Improve GSS handling.
- CVE-2018-2603,S8182387: Improve PKCS usage.
- CVE-2018-2599,S8182125: Improve reliability of DNS lookups.
- CVE-2018-2602,S8182601: Improve usage messages.
- CVE-2018-2588,S8178449: Improve LDAP logins.
- CVE-2018-2678,S8191142: More refactoring for naming deserialization
cases.
- CVE-2018-2677,S8190289: More refactoring for client deserialization
cases.
- CVE-2018-2663,S8189284: More refactoring for deserialization cases.
- CVE-2018-2579,S8172525: Improve key keying case.
* d/p/aarch64-hotspot-8u162-b12.patch: update aarch64 hotspot to 8u162-b12.
* d/p/icedtea-4953367.patch: removed, fixed upstream by "S8136570: Stop
changing user environment variables related to /usr/dt".
* d/p/gcc6.diff: removed, fixed upstream.
* d/p/jdk-getAccessibleValue.diff: updated, removed chunks fixed upstream
by "S8076249: NPE in AccessBridge while editing JList model" and
"S8145207: [macosx] JList, VO can't access non-visible list items".
* d/p/openjdk-ppc64el-S8170153.patch, d/p/8164293.diff,
d/p/hotspot-ppc64el-S8145913-montgomery-multiply-intrinsic.patch,
d/p/hotspot-ppc64el-S8168318-cmpldi.patch,
d/p/hotspot-ppc64el-S8170328-andis.patch,
d/p/hotspot-ppc64el-S8175813-mbind-invalid-argument.patch,
d/p/hotspot-ppc64el-S8181055-use-numa-v2-api.patch,
d/p/hotspot-ppc64el-S8181810-leverage-extrdi.patch: removed,
applied upstream.
* d/rules, d/control: depend on GKT3 instead of GTK2 for newer releases.
LP: #1735482.
* d/rules: wait 10 seconds before issuing SIGKILL to buildwatch.
* d/buildwatch.sh: find hs_err files and cat them to help debugging build
failures.
* S8173853: IllegalArgumentException in java.awt.image.ReplicateScaleFilter.
LP: #8173853.
[ Matthias Klose ]
* Disable Hotspot workaround for Exec Shield (Debian only).
Closes: #876051.
* Fix some lintian warnings.
* Update to 8u151-b12. Hotspot 8u144-b01 for aarch32 with 8u151 hotspot
patches.
[ Tiago Stürmer Daitx ]
* Security patches:
- CVE-2017-10274, S8169026: Handle smartcard clean up better. If a
CardImpl can be recovered via finalization, then separate instances
pointing to the same device can be created.
- CVE-2017-10281, S8174109: Better queuing priorities. PriorityQueue's
readObject allocates an array based on data in the stream which could
cause an OOM.
- CVE-2017-10285, S8174966: Unreferenced references. RMI's Unreferenced
thread can be used as the root of a Trusted Method Chain.
- CVE-2017-10295, S8176751: Better URL connections. On Ubuntu (and
possibly other Linux flavors) CR-NL in the host field are ignored and
can be used to inject headers in an HTTP request stream.
- CVE-2017-10388, S8178794: Correct Kerberos ticket grants. Kerberos
implementations can incorrectly take information from the unencrypted
portion of the ticket from the KDC. This can lead to an MITM attack
impersonating Kerberos services.
- CVE-2017-10346, S8180711: Better alignment of special invocations. A
missing load constraint for some invokespecial cases can allow invoking
a method from an unrelated class.
- CVE-2017-10350, S8181100: Better Base Exceptions. An array is allocated
based on data in the serial stream without a limit on the size.
- CVE-2017-10347, S8181323: Better timezone processing. An array is
allocated based on data in the serial stream without a limit on the
size.
- CVE-2017-10349, S8181327: Better Node predications. An array is
allocated based on data in the serial stream without a limit on the size.
- CVE-2017-10345, S8181370: Better keystore handling. A malicious
serialized object in a keystore can cause a DoS when using keytool.
- CVE-2017-10348, S8181432: Better processing of unresolved permissions.
An array is allocated based on data in the serial stream without a limit
on the size.
- CVE-2017-10357, S8181597: Process Proxy presentation. A malicious
serialized stream could cause an OOM due to lack on checking on the
number of interfaces read from the stream for a Proxy.
- CVE-2017-10355, S8181612: More stable connection processing. If an
attack can cause an application to open a connection to a malicious FTP
server (e.g., via XML), then a thread can be tied up indefinitely in
accept(2).
- CVE-2017-10356, S8181692: Update storage implementations. JKS and JCEKS
keystores should be retired from common use in favor of more modern
keystore protections.
- CVE-2016-10165, S8183028: Improve CMS header processing. Missing bounds
check could lead to leaked memory contents.
- CVE-2016-9841, S8184682: Upgrade compression library. There were four
off by one errors found in the zlib library. Two of them are long typed
which could lead to RCE.
* debian/rules:
- openjdk8 now ships limited and unlimited policy.jar files (S8157561)
into their own directories under jre/lib/security/policy.
* debian/rules, d/p/sec-webrev-8u151-hotspot-8179084.patch,
d/p/sec-webrev-8u151-hotspot-8180711.patch: Apply hotspot security updates
to both aarch32 and aarch64.
* d/p/gcc6.diff, d/p/aarch64.diff, d/p/aarch32.diff, d/p/m68k-support.diff,
d/p/system-libjpeg.diff: Remove hunks related to the generated configure
file generated during the build.
* d/p/hotspot-ppc64el-S8168318-cmpldi.patch: Use cmpldi instead of li/cmpld.
LP: #1723893.
* d/p/hotspot-ppc64el-S8170328-andis.patch: Use andis instead of lis/and.
LP: #1723862.
* d/p/hotspot-ppc64el-S8145913-montgomery-multiply-intrinsic.patch: Add
Montgomery multiply intrinsic. LP: #1723860.
* d/p/hotspot-ppc64el-S8181810-leverage-extrdi.patch: Leverage extrdi for
bitfield extract is absent in OpenJDK 8. LP: #1723861.
* d/p/jdk-S8165852-overlayfs.patch: Mount point not found for a file which
is present in overlayfs.
[ Matthias Klose ]
* Bump standards version.
[ Matthias Klose ]
* Don't regenerate the control file during the build.
* Enable systemtap on sh4.
* Bump standards version to 4.1.0.
* Build using GCC 7 on recent development versions.
[ Tiago Stürmer Daitx ]
* debian/rules:
- when zero/shark alternate vm is build, add '-zero KNOWN' to jvm.cfg.
- for non-hotspot builds add '-zero ALIASED_TO -server' to jvm.cfg.
- enable zero alternate vm on armhf.
* debian/jvm.cfg-client_default: aarch32 only builds the client
compiler and requires its own default jvm. Closes: #874434.
* Update to 8u144-b01.
- fix regression introduced by security fix S8169392. LP: #1707082.
[ Matthias Klose ]
* Fix libjvm.so's .debug file names. LP: #1548434.
* Remove dependency on multiarch-support. Closes: #870520.
[ Tiago Stürmer Daitx ]
* debian/apport-hook.py:
- truncate hs_err if bigger than 100 KiB instead of ignoring it.
- add message if hs_err file is not found at expected location.
- report file size in human readble SI units.
* debian/control.in:
- move 'Breaks:' from openjdk-8-jdk-headless to openjdk-8-jre-headless.
- remove jamvm references.
* debian/control.jamvm-jre: removed.
* debian/control.jamvm-trans: transactional package for jamvm.
* debian/rules:
- add aarch32 hotspot support.
- build aarch32 using client jvm-variant (no server in aarch32 port).
- use DEB_HOST_ARCH instead of DEB_HOST_ARCH_CPU as armel and armhf
are both reported as arm.
- explicitly add kfreebsd-i386, kfreebsd-amd64, hurd-i386 to arch_map
and archdir_map due to usage of DEB_HOST_ARCH.
- avoid building zero as an alternative vm for aarch32.
- disable precompiled headers on Trusty to minimize g++-4.8 segfaults.
- don't build zero alternate vm on Trusty, avoid g++-4.8 segfaults.
- add a 'Breaks:' entry to ca-certificates-java for all releases
except Trusty. LP: #1706567.
- remove jamvm.
* debian/patches/aarch64.diff: remove unnecessary chunks as aarch64 is
now upstream.
* debian/patches/aarch32.diff: add required changes to root and jdk to
build aarch32.
* debian/patches/hotspot-libpath-aarch32.diff: copied from
hotspot-libpath-default.diff.
* debian/patches/ppc64le-8036767.diff: updated.
* debian/patches/jdk-ppc64el-S8170153.patch: updated to include aarch64.
* debian/patches/jdk-java-nio-bits-unligned-aarch64.diff: Check for
"aarch64" along with other unaligned access supporting architectures.
* Fix building the javadocs, build error introduced by the m68k changes.
* Update the kfreebsd patches (Adrian Glaubitz). Closes: #869643, #869672.
[ Matthias Klose ]
* Update the m68k-support patch (Adrian Glaubitz). Closes: #864180.
* Disable generation of jvmti.html on m68k (Adrian Glaubitz).
Closes: #864205.
* Disable the jamvm autopkg tests.
* CVE-2017-10243 is also fixed in 8u141-b15 (S8182054).
[ Tiago Stürmer Daitx ]
* patches/hotspot-ppc64el-S8181055-use-numa-v2-api.patch: mbind invalid
argument message is still seen after S8175813; use numa_interleave_memory
v2 api when available. LP: #1705763.
* Update to 8u141-b15, Hotspot 8u141-b16 for AArch64.
* Security fixes from 8u141:
- CVE-2017-10102, S8163958: Improved garbage collection.
- CVE-2017-10053, S8169209: Improved image post-processing steps.
- CVE-2017-10067, S8169392: Additional jar validation steps.
- CVE-2017-10081, S8170966: Right parenthesis issue.
- CVE-2017-10078, S8171539: Better script accessibility for JavaScript.
- CVE-2017-10087, S8172204: Better Thread Pool execution.
- CVE-2017-10089, S8172461: Service Registration Lifecycle.
- CVE-2017-10090, S8172465: Better handling of channel groups.
- CVE-2017-10096, S8172469: Transform Transformer Exceptions.
- CVE-2017-10101, S8173286: Better reading of text catalogs.
- CVE-2017-10107, S8173697: Less Active Activations.
- CVE-2017-10074, S8173770: Image conversion improvements.
- CVE-2017-10110, S8174098: Better image fetching.
- CVE-2017-10108, S8174105: Better naming attribution.
- CVE-2017-10109, S8174113: Better sourcing of code.
- CVE-2017-10115, S8175106: Higher quality DSA operations.
- CVE-2017-10118, S8175110: Higher quality ECDSA operations.
- CVE-2017-10116, S8176067: Proper directory lookup processing.
- CVE-2017-10135, S8176760: Better handling of PKCS8 material.
- CVE-2017-10176, S8178135: Additional elliptic curve support.
- CVE-2017-10193, S8179101: Improve algorithm constraints implementation.
- CVE-2017-10198, S8179998: Clear certificate chain connections.
- S8174770: Check registry registration location.
- S8174873: Improved certificate procesing.
- S8176055: JMX diagnostic improvements.
- S8176536: Improved algorithm constraints checking.
- S8181420: PPC: Image conversion improvements.
- S8182054: Improve wsdl support.
- S8184185: Rearrange MethodHandle arrangements.
[ Matthias Klose ]
* Provide jvmdir symlink in /usr/lib/debug. Closes: #867314.
* Fix pt_BR translation in awt message. Closes: #863331.
[ Tiago Stürmer Daitx ]
* debian/rules:
- enable apport hook on Ubuntu and derivatives only.
- remove with_zenhai logic.
- remove unused with_tzdata logic, move tzdata build dependency
to control.in.
- add Breaks:tzdata-java except for wheezy, jessie or trusty.
- re-enable jamvm for Xenial only.
- run debian/control before build so we won't build with a invalid
control file.
- remove logic to select between ttf or font packages and depend
on fonts-wqy-microhei and fonts-wqy-zenhei instead
* debian/apport-hook.py: add an apport hook to include conffiles
modified by the user on any report and the hs_err log file on
crash report only. LP: #1696886.
* patches/fontconfig-arphic-uming.diff: only enabled when with_zenhai
was false; not required since lenny.
* patches/hotspot-ppc64el-S8175813-mbind-invalid-argument.patch: prevent
invalid argument message when invoking UseNUMA on a system with
non-consecutive numa topology. LP: #1697348.
* Tighten dependency on libatk-wrapper-java-jni. Closes: #862508.
* Update to 8u131-b11, Hotspot 8u112-b12 for AArch64.
* Security fixes:
- S8167110, CVE-2017-3514: Windows peering issue.
- S8165626, CVE-2017-3512: Improved window framing.
- S8163528, CVE-2017-3511: Better library loading.
- S8169011, CVE-2017-3526: Resizing XML parse trees.
- S8163520, CVE-2017-3509: Reuse cache entries.
- S8171533, CVE-2017-3544: Better email transfer.
- S8170222, CVE-2017-3533: Better transfers of files.
- S8171121, CVE-2017-3539: Enhancing jar checking.
[ Tiago Stürmer Daitx ]
* d/p/jdk-ppc64el-S8165231.diff: fixes java.nio.Bits.unaligned() on
ppc64el. LP: #1677612.
* debian/buildwatch.sh: updated to stop it if no 'make' process is running,
as it probably means that the build failed - otherwise buildwatch keeps
the builder alive until it exits after the timer (3 hours by default)
expires.
[ Matthias Klose ]
* openjdk-8-jre-headless: Add a break for tzdata-java. Closes: #857992.
* Use fonts-wqy-microhei and fonts-wqy-zenhei instead of transitional package
names. Closes: #859528.
* Non-maintainer upload.
* openjdk-8-jre-headless: Add Breaks: tzdata-java to ensure openjdk gets
upgraded on dist-upgrades from jessie. (Closes: #857992)
* Drop Recommends on obsolete GNOME libraries so they are not in a
default GNOME desktop installation (Simon McVittie). Closes: #850268.
- sun.net.spi.DefaultProxySelector prefers libglib2.0-0 (>= 2.24)
over obsolete libgconf2-4.
- sun.nio.fs.GnomeFileTypeDetector prefers libglib2.0-0 (>= 2.24)
over libgnomevfs-2-0.
- sun.xawt.awt_Desktop prefers libgtk2.0-0 (>= 2.14) over
libgnomevfs2-0.
* See the bug report for an analysis why this can be done for releases
back to Debian wheezy (7.0) and Ubuntu precise (12.04 LTS).
* Really don't build the JamVM VM.
* Fix 8164293: HotSpot leaking memory in long-running requests.
Closes: #853758.
* Add OpenJDK Stack Unwinder and Frame Decorator for gdb.
* Fix libjpeg dependency. Closes: #852378.
* Update to 8u121-b13, Hotspot 8u112-b16 for AArch64.
[ Matthias Klose ]
* Build using the default flags (POWER8) on ppc64el.
* Add a breaks for ca-certificates-java (<< 20160321~). Closes: #851667.
* Stop building JamVM for the stretch release, the VM is not working
with recent OpenJDK 8 updates. Closes: #841229, #842132.
* Fix location of jspawnhelper for KFreeBSD. Closes: #851053.
[ Tiago Stürmer Daitx ]
* debian/rules: add -O3 to DEB_CFLAGS_MAINT_STRIP and
DEB_CXXFLAGS_MAINT_STRIP for dpkg_buildflags_jdk and
dpkg_buildflags_hs as ppc64le has -O3 by default. LP: #1640845.
* Update to 8u121-b13, including security fixes.
- S8165344, CVE-2017-3272: A protected field can be leveraged into type
confusion.
- S8167104, CVE-2017-3289: Custom class constructor code can bypass the
required call to super.init allowing for uninitialized objects to be
created.
- S8156802, CVE-2017-3241: RMI deserialization should limit the types
deserialized to prevent attacks that could escape the sandbox.
- S8164143, CVE-2017-3260: It is possible to corrupt memory by calling
dispose() on a CMenuComponentmultiple times.
- S8168714, CVE-2016-5546: ECDSA will accept signatures that have various
extraneous bytes added to them whereas the signature is supposed to be
unique.
- S8166988, CVE-2017-3253: The PNG specification allows the [iz}Txt
sections to be 2^32-1 bytes long so these should not be uncompressed
unless the user explicitly requests it.
- S8168728, CVE-2016-5548: DSA signing exhibits a timing bias that may
leak information about k.
- S8168724, CVE-2016-5549: ECDSA signing exhibits a timing bias that may
leak information about k.
- S8161743, CVE-2017-3252: LdapLoginModule incorrectly tries to
deserialize responses from an LDAP server when an LDAP context is
expected.
- S8167223, CVE-2016-5552: Parsing of URLs can be inconsistent with how
users or external applications would interpret them leading to possible
security issues.
- S8168705, CVE-2016-5547: A value from an InputStream is read directly
into the size argument of a new byte[] without validation.
- S8164147, CVE-2017-3261: An integer overflow exists in
SocketOutputStream which can lead to memorydisclosure.
- S8151934, CVE-2017-3231: Under some circumstances URLClassLoader will
dispatch HTTP GET requests where the invoker does not have permission.
- S8165071, CVE-2016-2183: 3DES can be exploited for block collisions when
long running sessions are allowed.
* d/p/8132051-zero.diff: Superseeded by upstream fix S8154210; removed.
* d/p/hotspot-JDK-8158260-ppc64el.patch: Applied upstream; removed.
* d/p/6926048.diff: Already applied upstream; removed.
* d/p/jdk-ppc64el-S8170153.patch, d/p/openjdk-ppc64el-S8170153.patch: Improve
StrictMath performance on ppc64el. LP: #1646927.
* d/p/jdk-841269-filechooser.patch: Fix FileChooser behavior when displaying
links to non-existant files. Closes: #841269.
* Refreshed various patches.
[ Tiago Stürmer Daitx ]
* Remove cacao references, updated jtreg tests to use agentvm and auto
concurrency.
* Run the jtreg tests on autopkg testing.
* Apply the kfreebsd patches conditionally.
* Update to 8u111-b14, including security fixes.
- CVE-2016-5568, S8158993: Service Menu services.
- CVE-2016-5582, S8160591: Improve internal array handling.
- CVE-2016-5573, S8159519: Reformat JDWP messages.
- CVE-2016-5597, S8160838: Better HTTP service.
- CVE-2016-5554, S8157739: Classloader Consistency Checking.
- CVE-2016-5542, S8155973: Tighten jar checks.
* Enable hotspot builds for sparc64. Closes: #835973.
* Fix build failure with GCC 6. Closes: #811694.
* Fix JamVM, lacking JVM_GetResourceLookupCacheURLs (Xerxes Rånby).
Closes: #826206.
* Explicitly build using GCC 6.
* Use the 8u101 tarballs instead of the 8u102 tarballs (inventing a fake
version number).
* Update AArch64 and KFreeBSD patches.
* Update to 8u101-b14, including security fixes:
* IIOP Input Stream Hooking. CVE-2016-3458:
defaultReadObject is not forbidden in readObject in subclasses of
InputStreamHook which provides leverage to deserialize malicious objects
if a reference to the input stream can be obtained separately.
* Complete name checking. S8148872, CVE-2016-3500:
In some cases raw names in XML data are not checked for length limits
allowing for DoS attacks.
* Better delineation of XML processing. S8149962, CVE-2016-3508:
Denial of service measures do not take newline characters into account.
This can be used to conduct attacks like the billion laughs DoS.
* Coded byte streams. S8152479, CVE-2016-3550:
A fuzzed class file triggers an integer overflow in array access.
* Clean up lookup visibility. S8154475, CVE-2016-3587:
A fast path change allowed access to MH.invokeBasic via the public lookup
object. MH.iB does not do full type checking which can be used to create
type confusion.
* Bolster bytecode verification. S8155981, CVE-2016-3606:
The bytecode verifier checks that any classes' <init> method calls
super.<init> before returning. There is a way to bypass this requirement
which allows creating subclasses of classes that are not intended to be
extended.
* Persistent Parameter Processing. S8155985, CVE-2016-3598:
TOCTOU issue with types List passed into dropArguments() which can be used
to cause type confusion.
* Additional method handle validation. S8158571, CVE-2016-3610:
MHs.filterReturnValue does not check the filter parameter list size.
The single expected parameter is put in the last parameter position for
the filter MH allowing for type confusion.
* Enforce GCM limits. S8146514:
In GCM the counter should not be allowed to wrap (per the spec), since that
plus exposing the encrypted data could lead to leaking information.
* Construction of static protection domains. S8147771:
SubjectDomainCombiner does not honor the staticPermission field and will
create ProtectionDomains that vary with the system policy which may allow
unexpected permission sets.
* Share Class Data. S8150752:
Additional verification of AppCDS archives is required to prevent an
attacker from creating a type confusion situation.
* Enforce update ordering. S8149070:
If the GCM methods update() and updateAAD() are used out of order, the
security of the system can be weakened and an exception should be thrown
to warn the developer.
* Constrain AppCDS behavior. S8153312:
AppCDS does not create classloader constraints upon reloading classes
which could allow class spoofing under some circumstances.
* Fix an issue with libatk-wrapper (Samuel Thibault). Closes: #827795.
* Update the KFreeBSD support patch (Steven Chamberlain). Closes: #825514.
* debian/patches/hotspot-JDK-8158260-ppc64el.patch: JDK-8158260, PPC64:
unaligned Unsafe.getInt can lead to the generation of illegal
instructions (Tiago Stürmer Daitx). LP: #1594393.
* Disable the atk bridge again on Ubuntu yakkety (failing TCK tests).
* Set initial VMThreadStackSize to 1600 on s390x.
* Drop unused g++-4.9 build dependency.
* Update to 8u91-b14.
- Addresses CVE-2016-0686 (S8129952), CVE-2016-0687 (S8132051),
CVE-2016-3427 (S8144430), CVE-2016-0695 (S8138593),
CVE-2016-3425 (S8143167), CVE-2016-3426 (S8143945).
* Backport parts of 8132051 and 6926048 to fix the zero builds.
* Add a versioned break to the oracle-java8-installer package. The
package inflates the priority of the java alternatives again. See
https://lists.ubuntu.com/archives/ubuntu-devel/2016-April/039324.html.
* Fix setting the update version (77). LP: #1550244.
* Really re-enable running the tests.
* Build-depend on jtreg again, run the tests during the build.
* Fix stripping the libjvm.so files.
* Regenerate the control file.
* Configure with --with-milestone and --with-user-release-suffix.
* Fix binary-indep only build. Closes: #819618.
* Don't configure with --disable-precompiled-headers on arm64.
* Update to 8u77-b03.
- Addresses CVE-2016-0636: Improve MethodHandle consistency.
* Build-depend on openjdk-8-jdk-headless <cross>.
* Disable the atk bridge again on Ubuntu xenial (failing TCK tests).
* Use versioned Build-Depends on autoconf (>= 2.69). Closes: #818626.
* Stop providing java-runtime, java-runtine-headless, java-compiler.
Closes: #815475.
* Fix logic for libgnome/libgconf recommendations. Closes: #813943.
* Regenerate the control file.
[ Aurelian Jarno ]
* Reapply patch to fix jamvm on mips*, lost in version 8u72-b15-1.
* Build jamvm again on mips and mipsel.
* Build with GCC 5 on mips*.
* Split out an openjdk-8-jdk-headless package.
* Don't run the tests on Ubuntu xenial (openjdk-8 now in main,
jtreg in universe).
* Recognize -dcevm as a jvm. Closes: #814421.
* Update libgconf/libgnome jre recommendations. Closes: #813943.
* Update package reference in README. Closes: #814605.
* Add french translation for policytool desktop file. Addresses: #813851.
* Install app icons again.
* Bump the priority for OpenJDK 8 as the default.
* Stop building jamvm on mips and mipsel, fails to build.
* Update to 8u72-b15.
- Addresses CVE-2016-0483 (8139017), CVE-2016-0494 (8140543),
CVE-2015-8126 (8143941), CVE-2016-0475 (8138589),
CVE-2016-0402 (8059054), CVE-2016-0466 (8133962),
CVE-2016-0448 (8130710), CVE-2015-7575 (8144773).
* Apply proposed patch for JDK-8141491: Unaligned memory access in Bits.c.
* Fix zero on m68k, introduced by 8046246 (patch suggested by Michael Karcher).
* Fix applying patches on arm64.
* Hack around the split KFreeBSD personality.
* openjdk-8-jdk: Fix typo in sdk provides. Addresses: #803150.
* Fix cross builds.
* Build again using GCC 4.9 on mips*, fails to build with GCC 5.
* Fix stripping packages (use bash instead of expr substring, Roderich
Schupp). Closes: #806421.
* Fix StackOverflowError on Zero JVM initialization on non x86 platforms,
when built with GCC 5.
* Build with GCC 5 everywhere.
* Build using giflib 5.
* Update configury for sparc64 (Steven Chamberlain). Closes: #806202.
* Update to 8u72-b05.
* Strip packages again, Debian infrastruction is fixed. Closes: #775760.
* Update to 8u66-b17.
* Security fixes:
- S8048030, CVE-2015-4734: Expectations should be consistent
- S8068842, CVE-2015-4803: Better JAXP data handling
- S8076339, CVE-2015-4903: Better handling of remote object invocation
- S8076383, CVE-2015-4835: Better CORBA exception handling
- S8076387, CVE-2015-4882: Better CORBA value handling
- S8076392, CVE-2015-4881: Improve IIOPInputStream consistency
- S8076413, CVE-2015-4883: Better JRMP message handling
- S8078427, CVE-2015-4842: More supportive home environment
- S8078440: Safer managed types
- S8080541: More direct property handling
- S8080688, CVE-2015-4860: Service for DGC services
- S8081744, CVE-2015-4868: Clear out list corner case
- S8081760: Better group dynamics
- S8086092. CVE-2015-4840: More palette improvements
- S8086733, CVE-2015-4893: Improve namespace handling
- S8087350: Improve array conversions
- S8103671, CVE-2015-4805: More objective stream classes
- S8103675: Better Binary searches
- S8129611: Accessbridge error handling improvement
- S8130078, CVE-2015-4911: Document better processing
- S8130185: More accessible access switch
- S8130193, CVE-2015-4806: Improve HTTP connections
- S8130864: Better server identity handling
- S8130891, CVE-2015-4843: (bf) More direct buffering
- S8131291, CVE-2015-4872: Perfect parameter patterning
- S8132042, CVE-2015-4844: Preserve layout presentation
* Strip packages again, Debian infrastruction is fixed. Closes: #775760.
* Fix pulseaudio build on KFreeBSD.
* Backport the proposed patch for 8036767, renaming the architecture
on ppc64el from ppc64 to ppc64le.
* JDK-8073139: PPC64: User-visible arch directory and os.arch value on
ppc64le cause issues with Java tooling (Tiago Stürmer Daitx).
* Update KFreeBSD patches (Steven Chamberlain). Closes: #761067.
* Really fix preprocessor defines for alpha and sh4.
* Re-enable the partial stripping for the jre packages.
* openjdk-jre-headless: Directly depend on libfontconfig1. Closes: #793210.
* Build using GCC 4.9 for zero ports.
* Fix installing the openjdk.desktop file when cautious-launch is available.
LP: #1448548.
* Define _alpha_ / _sh_ preprocessor macros instead of alpha / sh.
* Fix jdk gensrc build on x32.
* Re-enable the atk bridge for releases with a fixed atk bridge.
* Really apply the 32bit detection patch. Closes: #787072.
* Make derivatives builds the same as the parent distro. Closes: #797665.
* Add m68k support for Zero (Andreas Schwab).
* Sort the enums and the annotations in the package-tree.html files.
* Update to 8u66-b01.
* Fix jdk build on x32.
* Update to 8u60-b22.
* Don't use solaris compiler flags for linux sparc builds. Closes: #790370.
* Fix 32bit detection for the build jdk; try to build again for mips
and mipsel (James Cowgill). Closes: #787072.
* Fix 8074312, enable hotspot builds on 4.x Linux kernels. Closes: #786417.
* openjdk-jre-headless: Add dependency on the package containing the
mountpoint binary. Closes: #787106.
* Stop building for mips and mipsel. Addresses #785051.
* jdk: Fix freeNativeStringArray declaration. Closes: #785530.
* Fix JamVM with 8u45. Closes: #766284.
* Update to 8u45-b14.
* Update AArch64 to (post) 8u45-b14.
* Make libnss3-dev installable on precise (Thorsten Glaser). LP: #1411630.
* Only install the openjdk-java.desktop file when using cautious-launcher.
* Update to 8u40-b27.
* Update AArch64 to (post) 8u40-b25.
* Fix libjavajpeg build using the system jpeg library. Closes: #760926.
* Update AArch64 to 8u40-b22.
* Update the alpha float patch.
* Fix JDK-8067330, ZERO_ARCHDEF incorrectly defined for PPC/PPC64
architectures.
* Fix JDK-8067331, Zero: Atomic::xchg and Atomic::xchg_ptr need
full memory barrier.
* Build using OpenJDK-8.
* Update to 8u40-b22.
* Fix build on mips64 and mips64el. Closes: #776295.
* Don't strip libjvm.so to prevent rejection by ftp-master (work around,
but no fix in the archive). Addresses: #775760.
* Fix jamvm to work with recent security updates. Closes: #766284.
* Update to 8u40-b21.
* Fix libjpeg runtime dependency.
* Update to 8u40-b09.
* Update the AArch64 hotspot to 8u40-b09.
* Allow to build for Ubuntu 12.04 LTS.
* Change B-D to libjpeg-dev to finish the transition to libjpeg-turbo
(Ondřej Surý). Closes: #763490.
* Backport the fix for 8017773 OpenJDK returns incorrect TrueType
font metrics. Closes: #762323.
* Depend on libnss3 instead of libnss3-1d for recent releases.
Addresses: #760122.
* Remove AArch64 patch applied upstream.
* Update the kfresbsd jdk patch, still not forwarded upstream.
* Update to 8u40-b04.
* Backport 8050942, implement template interpreter for ppc64le.
* Build-depend on systemtap-sdt-dev.
* 8u20 build 26 is the final 8u20 release.
* Update the AArch64 hotspot.
* Fix applying the kfreebsd patch for JamVM.
* x32 build fixes.
* Allow openjdk-8-jdk as an alternative build dependency.
* Adjust timeouts for jtreg runs.
* Update to 8u20-b26.
* Update to JamVM 2.0.0.
* Update to IcedTea-Sound 1.0.1.
* Update toplevel configury to recognize zero archs alpha, mips*,
m68k, sh4.
* Update kfreebsd-support patches (Steven Chamberlain).
* Fix an uninitialized memory issue in adlc (Fridrich Strba).
* Move libjavagtk into the -jre package.
* Use the system libpcsclite library.
* Fix typo, ignoring boot cycle builds (Emmanuel Bourg).
* Derive the update version and the build number from the package
version (Emmanuel Bourg).
* Call quilt with --quiltrc -. Closes: #755710.
* openjdk-8-jdk: Fix src.zip symlink. Closes: #755869.
* Work around OpenJDK's build system which is not robust enough
to accept commas in *FLAGS.
* Pass extra flags for non-hotspot builds.
* Fix the zero build on i386.
* Don't add extra symlinks for the jni_{md,jawt}.h header files.
* Initial OpenJDK 8 packaging, based on 8u20-b20.
* Fix hotspot build system for GNU make 4.0 (Emmanuel Bourg).
* Drop rhino (build) dependencies (Emmanuel Bourg).
* Add java8 provides (Emmanuel Bourg).
* Add IcedTea patches to build with external jpeg, png and lcms
libraries (Emmanuel Bourg).
* Add keywords to the desktop files (Emmanuel Bourg).
* Remove the suggested dependency on sun-java6-fonts ((Emmanuel Bourg).
* Build hotspot on ppc64 and ppc64el.
* Add the IcedTea Sound tarball.
* Don't strip files when building the images.
* Update patches to pass the extra flags to the libsig and libsaproc builds.
* Use dh_strip's knowledge about build ids when available.
* Fix the quoting of configure flags for the zero build.
* Update the java-access-bridge-security patch (Raphael Geissert).
* Don't hard code the compiler names in the AArch64 hotspot build.
* Build using GCC 4.9 where available.
* Add MIPS64(el) support (Yunqiang Su). Closes: #746207.
* Suggest fonts-indic instead of ttf-indic-fonts. Closes: #747694.
* IcedTea7 2.4.7 release.
* Security fixes
- S8023046: Enhance splashscreen support.
- S8025005: Enhance CORBA initializations.
- S8025010, CVE-2014-2412: Enhance AWT contexts.
- S8025030, CVE-2014-2414: Enhance stream handling.
- S8025152, CVE-2014-0458: Enhance activation set up.
- S8026067: Enhance signed jar verification.
- S8026163, CVE-2014-2427: Enhance media provisioning.
- S8026188, CVE-2014-2423: Enhance envelope factory.
- S8026200: Enhance RowSet Factory.
- S8026716, CVE-2014-2402: (aio) Enhance asynchronous channel handling.
- S8026736, CVE-2014-2398: Enhance Javadoc pages.
- S8026797, CVE-2014-0451: Enhance data transfers.
- S8026801, CVE-2014-0452: Enhance endpoint addressing.
- S8027766, CVE-2014-0453: Enhance RSA processing.
- S8027775: Enhance ICU code.
- S8027841, CVE-2014-0429: Enhance pixel manipulations.
- S8028385: Enhance RowSet Factory.
- S8029282, CVE-2014-2403: Enhance CharInfo set up.
- S8029286: Enhance subject delegation.
- S8029699: Update Poller demo.
- S8029730: Improve audio device additions.
- S8029735: Enhance service mgmt natives.
- S8029740, CVE-2014-0446: Enhance handling of loggers.
- S8029745, CVE-2014-0454: Enhance algorithm checking.
- S8029750: Enhance LCMS color processing (LCMS 2 only).
- S8029760, CVE-2013-6629: Enhance AWT image libraries (in-tree libjpeg).
- S8029844, CVE-2014-0455: Enhance argument validation.
- S8029854, CVE-2014-2421: Enhance JPEG decodings.
- S8029858, CVE-2014-0456: Enhance array copies.
- S8030731, CVE-2014-0460: Improve name service robustness.
- S8031330: Refactor ObjectFactory.
- S8031335, CVE-2014-0459: Better color profiling.
- S8031352, CVE-2013-6954: Enhance PNG handling (in-tree libpng).
- S8031394, CVE-2014-0457: (sl) Fix exception handling in ServiceLoader.
- S8031395: Enhance LDAP processing.
- S8032686, CVE-2014-2413: Issues with method invoke.
- S8033618, CVE-2014-1876: Correct logging output.
- S8034926, CVE-2014-2397: Attribute classes properly.
- S8036794, CVE-2014-0461: Manage JavaScript instances.
* AArch64 fixes.
* IcedTea7 2.4.6 release.
* Explicitly use AC_MAINTAINER_MODE and automake-1.11 to create the
debian .orig tarball. Addresses: #740289.
* Apply patch from upstream to fix bold fonts in Swing applications using
GTK L&F (Ryan Tandy). LP: #937200.
* Explicitly build-depend on libkrb5-dev.
* On AArch64 don't use the hotsport backport for the zero build.
* IcedTea7 2.4.6 prerelease.
* Fix icedtea-web build failure on kfreebsd-* (unable to find
sun.security.util.SecurityConstants). Steven Chamberlain. Closes: #739032.
* Update the AArch64 Hotspot.
* Update the KFreeBSD patch (Steven Chamberlain). Closes: #736291.
* IcedTea7 2.4.5 release.
* Build Hotspot client and server vms for AArch64.
* IcedTea7 2.4.4 release.
* Security fixes
- S6727821: Enhance JAAS Configuration.
- S7068126, CVE-2014-0373: Enhance SNMP statuses.
- S8010935: Better XML handling.
- S8011786, CVE-2014-0368: Better applet networking.
- S8021257, S8025022, CVE-2013-5896 : com.sun.corba.se.** should be
on restricted package list.
- S8021271, S8021266, CVE-2014-0408: Better buffering in ObjC code.
- S8022904: Enhance JDBC Parsers.
- S8022927: Input validation for byte/endian conversions.
- S8022935: Enhance Apache resolver classes.
- S8022945: Enhance JNDI implementation classes.
- S8023057: Enhance start up image display.
- S8023069, CVE-2014-0411: Enhance TLS connections.
- S8023245, CVE-2014-0423: Enhance Beans decoding.
- S8023301: Enhance generic classes.
- S8023338: Update jarsigner to encourage timestamping.
- S8023672: Enhance jar file validation.
- S8024302: Clarify jar verifications.
- S8024306, CVE-2014-0416: Enhance Subject consistency.
- S8024530: Enhance font process resilience.
- S8024867: Enhance logging start up.
- S8025014: Enhance Security Policy.
- S8025018, CVE-2014-0376: Enhance JAX-P set up.
- S8025026, CVE-2013-5878: Enhance canonicalization.
- S8025034, CVE-2013-5907: Improve layout lookups.
- S8025448: Enhance listening events.
- S8025758, CVE-2014-0422: Enhance Naming management.
- S8025767, CVE-2014-0428: Enhance IIOP Streams.
- S8026172: Enhance UI Management.
- S8026176: Enhance document printing.
- S8026193, CVE-2013-5884: Enhance CORBA stub factories.
- S8026204: Enhance auth login contexts.
- S8026417, CVE-2013-5910: Enhance XML canonicalization.
- S8026502: java/lang/invoke/MethodHandleConstants.java fails on all
platforms.
- S8027201, CVE-2014-0376: Enhance JAX-P set up.
- S8029507, CVE-2013-5893: Enhance JVM method processing.
- S8029533: REGRESSION: closed/java/lang/invoke/8008140/Test8008140.java
fails agains.
* Remove alpha from stage1_gcj_archs.
* Use the langtools and jdk tarballs as provided by IcedTea.
* Hotspot is dead on sparc. Build the zero interpreter as the default.
* Blindly update the KF***BSD patches.
* Run the jtreg tests on powerpcspe, tested by Roland Stigge.
* Fix zero builds on 64k page kernel configs.
* Fix more IcedTea bits to build on x32.
* Re-enable running the testsuite on powerpc.
* Run the testsuite on AArch64.
* Fix IcedTea bits to build on x32.
* Don't build on s390 anymore.
* Update hotspot-mips-align patch (Aurelien Jarno). Closes: #732528).
* Build for ppc64el.
* Try to build zero on x32.
* Configure with --enable-zero on sparc and sparc64.
* Disable bootstrap build on alpha. Closes: #719671.
* Disable running the jdk jtreg tests on the hotspot architectures.
Hanging on the buildds.
* Re-enable the jexec patch, program logic confused by running jexec
outside the assumed java home. Closes: #731961.
* Don't apply the s390 patches on s390x. s390 is successfully dead.
* Fix zero builds on little endian architectures, taken from the trunk.
* IcedTea7 2.4.3 release.
* Security fixes:
- S8006900, CVE-2013-3829: Add new date/time capability.
- S8008589: Better MBean permission validation.
- S8011071, CVE-2013-5780: Better crypto provider handling.
- S8011081, CVE-2013-5772: Improve jhat.
- S8011157, CVE-2013-5814: Improve CORBA portablility.
- S8012071, CVE-2013-5790: Better Building of Beans.
- S8012147: Improve tool support.
- S8012277: CVE-2013-5849: Improve AWT DataFlavor.
- S8012425, CVE-2013-5802: Transform TransformerFactory.
- S8013503, CVE-2013-5851: Improve stream factories.
- S8013506: Better Pack200 data handling.
- S8013510, CVE-2013-5809: Augment image writing code.
- S8013514: Improve stability of cmap class.
- S8013739, CVE-2013-5817: Better LDAP resource management.
- S8013744, CVE-2013-5783: Better tabling for AWT.
- S8014085: Better serialization support in JMX classes.
- S8014093, CVE-2013-5782: Improve parsing of images.
- S8014098: Better profile validation.
- S8014102, CVE-2013-5778: Improve image conversion.
- S8014341, CVE-2013-5803: Better service from Kerberos servers.
- S8014349, CVE-2013-5840: (cl) Class.getDeclaredClass problematic
in some class loader configurations.
- S8014530, CVE-2013-5825: Better digital signature processing.
- S8014534: Better profiling support.
- S8014987, CVE-2013-5842: Augment serialization handling.
- S8015614: Update build settings.
- S8015731: Subject java.security.auth.subject to improvements.
- S8015743, CVE-2013-5774: Address internet addresses.
- S8016256: Make finalization final.
- S8016653, CVE-2013-5804: javadoc should ignore ignoreable characters
in names.
- S8016675, CVE-2013-5797: Make Javadoc pages more robust.
- S8017196, CVE-2013-5850: Ensure Proxies are handled appropriately.
- S8017287, CVE-2013-5829: Better resource disposal.
- S8017291, CVE-2013-5830: Cast Proxies Aside.
- S8017298, CVE-2013-4002: Better XML support.
- S8017300, CVE-2013-5784: Improve Interface Implementation.
- S8017505, CVE-2013-5820: Better Client Service.
- S8019292: Better Attribute Value Exceptions.
- S8019617: Better view of objects.
- S8020293: JVM crash.
- S8021275, CVE-2013-5805: Better screening for ScreenMenu.
- S8021282, CVE-2013-5806: Better recycling of object instances.
- S8021286: Improve MacOS resourcing.
- S8021290, CVE-2013-5823: Better signature validation.
- S8022931, CVE-2013-5800: Enhance Kerberos exceptions.
- S8022940: Enhance CORBA translations.
- S8023683: Enhance class file parsing.
* Fix build failure on mips* (Aurelien Jarno). Closes: #729448).
* Run autoreconf. Closes: #724083.
* Merge the -jre-lib package into -jre-headless. Simplifies the packaging
and the savings were not as big as wanted, because the rt.jar is still
architecture dependant. Closes: #641049, #722510.
* Apply missing patch to fix arm64/AArch64 detection.
* openjdk-jre-headless: Loosen the dependency on -jre-lib.
* Regenerate the control file.
* Add the hotspot patches for AArch64, which apparently were not
included in the IcedTea release by intent.
* Don't interpret arm64 as an ARM architecture, but as AArch64. So
much for Debian calling this port arm64 ...
* Use host macros instead of build macros for corba and hotspot config.
* Re-add multiarch library directories to the default library path.
Closes: #712567.
* Enable the two-stage build on alpha. Closes: #719671.
* Build for powerpcspe (Roland Stigge). Closes: #712686.
* Recommend fonts-dejavu-extra instead of ttf-dejavu-extra for current
releases. Closes: #718839.
* Fix kFreeBSD builds (Thanks to Christoph Egger for his help).
[ Matthias Klose ]
* Regenerate the hotspot-s390 patch.
[ Damien Raude-Morvan ]
* Update kfreebsd patches.
* IcedTea7 2.3.12 release.
* Don't build with pulseaudio on arm64.
* Disable bootstraped build on s390 and sparc.
* Regenerate the control file.
[ Matthias Klose ]
* Fix gcj-jdk build dependency on ia64 and s390.
* Build zero on arm64.
[ Gianfranco Costamagna ]
* Fix build failure on kfreebsd (Closes: #714528)
* IcedTea7 2.3.10 release.
* Security fixes
* S6741606, CVE-2013-2407: Integrate Apache Santuario.
* S7158805, CVE-2013-2445: Better rewriting of nested subroutine calls.
* S7170730, CVE-2013-2451: Improve Windows network stack support.
* S8000638, CVE-2013-2450: Improve deserialization.
* S8000642, CVE-2013-2446: Better handling of objects for transportation.
* S8001032: Restrict object access.
* S8001033, CVE-2013-2452: Refactor network address handling in virtual
machine identifiers.
* S8001034, CVE-2013-1500: Memory management improvements.
* S8001038, CVE-2013-2444: Resourcefully handle resources.
* S8001043: Clarify definition restrictions.
* S8001308: Update display of applet windows.
* S8001309: Better handling of annotation interfaces.
* S8001318, CVE-2013-2447: Socket.getLocalAddress not consistent with
InetAddress.getLocalHost.
* S8001330, CVE-2013-2443: Improve on checking order (non-Zero builds only).
* S8003703, CVE-2013-2412: Update RMI connection dialog box.
* S8004288, CVE-2013-2449: (fs) Files.probeContentType problems.
* S8004584: Augment applet contextualization.
* S8005007: Better glyph processing.
* S8006328, CVE-2013-2448: Improve robustness of sound classes.
* S8006611: Improve scripting.
* S8007467: Improve robustness of JMX internal APIs.
* S8007471: Improve MBean notifications.
* S8007812, CVE-2013-2455: (reflect) Class.getEnclosingMethod problematic for some classes.
* S8007925: Improve cmsStageAllocLabV2ToV4curves.
* S8007926: Improve cmsPipelineDup.
* S8007927: Improve cmsAllocProfileSequenceDescription.
* S8007929: Improve CurvesAlloc.
* S8008120, CVE-2013-2457: Improve JMX class checking.
* S8008124, CVE-2013-2453: Better compliance testing.
* S8008128: Better API coherence for JMX.
* S8008132, CVE-2013-2456: Better serialization support.
* S8008585: Better JMX data handling.
* S8008593: Better URLClassLoader resource management.
* S8008603: Improve provision of JMX providers.
* S8008607: Better input checking in JMX.
* S8008611: Better handling of annotations in JMX.
* S8008615: Improve robustness of JMX internal APIs.
* S8008623: Better handling of MBeanServers.
* S8008744, CVE-2013-2407: Rework part of fix for JDK-6741606.
* S8008982: Adjust JMX for underlying interface changes.
* S8009004: Better implementation of RMI connections.
* S8009008: Better manage management-api.
* S8009013: Better handling of T2K glyphs.
* S8009034: Improve resulting notifications in JMX.
* S8009038: Improve JMX notification support.
* S8009057, CVE-2013-2448: Improve MIDI event handling.
* S8009067: Improve storing keys in KeyStore.
* S8009071, CVE-2013-2459: Improve shape handling.
* S8009235: Improve handling of TSA data.
* S8009424, CVE-2013-2458: Adapt Nashorn to JSR-292 implementation change.
* S8009554, CVE-2013-2454: Improve SerialJavaObject.getFields.
* S8009654: Improve stability of cmsnamed.
* S8010209, CVE-2013-2460: Better provision of factories.
* S8011243, CVE-2013-2470: Improve ImagingLib.
* S8011248, CVE-2013-2471: Better Component Rasters.
* S8011253, CVE-2013-2472: Better Short Component Rasters.
* S8011257, CVE-2013-2473: Better Byte Component Rasters.
* S8012375, CVE-2013-1571: Improve Javadoc framing.
* S8012421: Better positioning of PairPositioning.
* S8012438, CVE-2013-2463: Better image validation.
* S8012597, CVE-2013-2465: Better image channel verification.
* S8012601, CVE-2013-2469: Better validation of image layouts.
* S8014281, CVE-2013-2461: Better checking of XML signature.
* S8015997: Additional improvement in Javadoc framing.
* Breaks icedtea-netx (<< 1.4-2).
* Update kFreeBSD support (Guido Guenther). Closes: #708818.
* Stop building the transitional cacao package for sid.
* Build the transitional cacao package for sid as well. Apparently
some buildds are not updated to list wheezy as the code name for
the current distribution.
* Disable the cacao build again, causing build failures on i386 and s390.
* Build a transitional cacao jre package instead.
* On ia64, use gcj-4.7 for the bootstrap build.
* Drop the cacao jre from recommends to suggests.
* Re-enable cacao, was enabled in the 2.1.x series.
* IcedTea7 2.3.9 release.
* Security fixes:
- S6657673, CVE-2013-1518: Issues with JAXP.
- S7200507: Refactor Introspector internals.
- S8000724, CVE-2013-2417: Improve networking serialization.
- S8001031, CVE-2013-2419: Better font processing.
- S8001040, CVE-2013-1537: Rework RMI model.
- S8001322: Refactor deserialization.
- S8001329, CVE-2013-1557: Augment RMI logging.
- S8003335: Better handling of Finalizer thread.
- S8003445: Adjust JAX-WS to focus on API.
- S8003543, CVE-2013-2415: Improve processing of MTOM attachments.
- S8004261: Improve input validation.
- S8004336, CVE-2013-2431: Better handling of method handle intrinsic frames.
- S8004986, CVE-2013-2383: Better handling of glyph table.
- S8004987, CVE-2013-2384: Improve font layout.
- S8004994, CVE-2013-1569: Improve checking of glyph table.
- S8005432: Update access to JAX-WS.
- S8005943: (process) Improved Runtime.exec.
- S8006309: More reliable control panel operation.
- S8006435, CVE-2013-2424: Improvements in JMX.
- S8006790: Improve checking for windows.
- S8006795: Improve font warning messages.
- S8007406: Improve accessibility of AccessBridge.
- S8007617, CVE-2013-2420: Better validation of images.
- S8007667, CVE-2013-2430: Better image reading.
- S8007918, CVE-2013-2429: Better image writing.
- S8008140: Better method handle resolution.
- S8009049, CVE-2013-2436: Better method handle binding.
- S8009063, CVE-2013-2426: Improve reliability of ConcurrentHashMap.
- S8009305, CVE-2013-0401: Improve AWT data transfer.
- S8009677, CVE-2013-2423: Better setting of setters.
- S8009699, CVE-2013-2421: Methodhandle lookup.
- S8009814, CVE-2013-1488: Better driver management.
- S8009857, CVE-2013-2422: Problem with plugin.
* Backports:
- S7130662: GTK file dialog crashes with a NPE.
* Bug fixes
- PR1363: Fedora 19 / rawhide FTBFS SIGILL.
- PR1401: Fix Zero build on 2.3.8.
- Fix offset problem in ICU LETableReference.
- Change -Werror fix to preserve OpenJDK default.
- PR1303: Correct #ifdef to #if.
- PR1404: Failure to bootstrap with ecj 4.2.
* Remove Torsten Werner as uploader.
* Regenerate the control file.
* IcedTea7 2.3.8 release.
* Security fixes:
- S8007014, CVE-2013-0809: Improve image handling.
- S8007675, CVE-2013-1493: Improve color conversion.
* Backports:
- S8002344: Krb5LoginModule config class does not return proper KDC list
from DNS.
- S8004344: Fix a crash in ToolkitErrorHandler() in XlibWrapper.c.
- S8006179: JSR292 MethodHandles lookup with interface using findVirtual().
- S8006882: Proxy generated classes in sun.proxy package breaks JMockit.
* Bug fixes:
- PR1303: Correct #ifdef to #if.
- PR1340: Simplify the rhino class rewriter to avoid use of concurrency.
- Revert 7017193 and add the missing free call, until a better fix is ready.
* Security fixes:
- S8007014, CVE-2013-0809: Improve image handling
- S8007675, CVE-2013-1493: Improve color conversion
- debian/rules: updated to add 8007014.patch and 8007675.patch
* Regenerate the control file.
* IcedTea7 2.3.7 release.
* Security fixes:
- S8004937, CVE-2013-1484: Improve proxy construction.
- S8006439, CVE-2013-1485: Improve MethodHandles coverage.
- S8006446, CVE-2013-1486: Restrict MBeanServer access.
- S8006777, CVE-2013-0169: Improve TLS handling of invalid messages.
- S8007688: Blacklist known bad certificate.
* Backports:
- S8007393: Possible race condition after JDK-6664509.
- S8007611: logging behavior in applet changed.
* For zero builds, use the same hotspot version as in 2.1.6.
* Reenable bootstrap builds, except for alpha.
* Explicitly disable building on mips/mipsel. Not supported by the
Debian OpenJDK maintainers, the Debian mips porters, or the Debian
Java team.
* IcedTea7 2.3.6 release.
- Disable bootstrap builds, currently broken in IcedTea.
* Security fixes:
- S6563318, CVE-2013-0424: RMI data sanitization.
- S6664509, CVE-2013-0425: Add logging context.
- S6664528, CVE-2013-0426: Find log level matching its name or value given
at construction time.
- S6776941: CVE-2013-0427: Improve thread pool shutdown.
- S7141694, CVE-2013-0429: Improving CORBA internals.
- S7173145: Improve in-memory representation of splashscreens.
- S7186945: Unpack200 improvement.
- S7186946: Refine unpacker resource usage.
- S7186948: Improve Swing data validation.
- S7186952, CVE-2013-0432: Improve clipboard access.
- S7186954: Improve connection performance.
- S7186957: Improve Pack200 data validation.
- S7192392, CVE-2013-0443: Better validation of client keys.
- S7192393, CVE-2013-0440: Better Checking of order of TLS Messages.
- S7192977, CVE-2013-0442: Issue in toolkit thread.
- S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective proxies.
- S7200491: Tighten up JTable layout code.
- S7200500: Launcher better input validation.
- S7201064: Better dialogue checking.
- S7201066, CVE-2013-0441: Change modifiers on unused fields.
- S7201068, CVE-2013-0435: Better handling of UI elements.
- S7201070: Serialization to conform to protocol.
- S7201071, CVE-2013-0433: InetSocketAddress serialization issue.
- S8000210: Improve JarFile code quality.
- S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class.
- S8000540, CVE-2013-1475: Improve IIOP type reuse management.
- S8000631, CVE-2013-1476: Restrict access to class constructor.
- S8001235, CVE-2013-0434: Improve JAXP HTTP handling.
- S8001242: Improve RMI HTTP conformance.
- S8001307: Modify ACC_SUPER behavior.
- S8001972, CVE-2013-1478: Improve image processing.
- S8002325, CVE-2013-1480: Improve management of images.
* Fix font suggestion for indic fonts in wheezy.
* Fix fontconfig definitions for japanese and korean fonts, fixing
compilation of the fontconfig file.
* Add Built-Using: rhino attribute for the -lib package.
* Don't use concurrent features to rewrite the rhino jar file.
* Enable class data sharing for the hotspot server VM.
* IcedTea7 2.3.4 release.
* Security fixes
- S8004933, CVE-2012-3174: Improve MethodHandle interaction with libraries.
- S8006017, CVE-2013-0422: Improve lookup resolutions.
- S8006125: Update MethodHandles library interactions.
* Bug fixes
- S7197906: BlockOffsetArray::power_to_cards_back() needs to handle > 32 bit
shifts.
- G422525: Fix building with PaX enabled kernels.
[ Matthias Klose ]
* Loosen OpenGL dependency. Closes: #695028.
* Fix error parsing drop files parameter from pcmanfm (Alberto Fernández
Martínez). Closes: #695992.
[ Thorsten Glaser ]
* debian/rules: Use gcj-4.6-jdk for m68k builds.
* d/patches/text-relocations.patch: build with -fPIC on all archs.
* Upload to experimental.
* IcedTea7 2.3.3 release.
* Security fixes
- S6631398, CVE-2012-3216: FilePermission improved path checking.
- S7093490: adjust package access in rmiregistry.
- S7143535, CVE-2012-5068: ScriptEngine corrected permissions.
- S7158796, CVE-2012-5070: Tighten properties checking in EnvHelp.
- S7158807: Revise stack management with volatile call sites.
- S7163198, CVE-2012-5076: Tightened package accessibility.
- S7167656, CVE-2012-5077: Multiple Seeders are being created.
- S7169884, CVE-2012-5073: LogManager checks do not work correctly for
sub-types.
- S7169887, CVE-2012-5074: Tightened package accessibility.
- S7169888, CVE-2012-5075: Narrowing resource definitions in JMX RMI
connector.
- S7172522, CVE-2012-5072: Improve DomainCombiner checking.
- S7186286, CVE-2012-5081: TLS implementation to better adhere to RFC.
- S7189103, CVE-2012-5069: Executors needs to maintain state.
- S7189490: More improvements to DomainCombiner checking.
- S7189567, CVE-2012-5085: java net obselete protocol.
- S7192975, CVE-2012-5071: Issue with JMX reflection.
- S7195194, CVE-2012-5084: Better data validation for Swing.
- S7195549, CVE-2012-5087: Better bean object persistence.
- S7195917, CVE-2012-5086: XMLDecoder parsing at close-time should be
improved.
- S7195919, CVE-2012-5979: (sl) ServiceLoader can throw CCE without
needing to create instance.
- S7196190, CVE-2012-5088: Improve method of handling MethodHandles.
- S7198296, CVE-2012-5089: Refactor classloader usage.
- S7158800: Improve storage of symbol tables.
- S7158801: Improve VM CompileOnly option.
- S7158804: Improve config file parsing.
- S7198606, CVE-2012-4416: Improve VM optimization.
* Build a transitional icedtea-7-jre-cacao package to ease upgrades.
* Upload to experimental.
* Repackage the source to drop the cacao tarball (and packaging files).
* Depend again on system provided tzdata-java and restore the zi
symlink on upgrade. LP: #1050404.
* libgnome2-0, libgnomevfs2-0, libgconf2-4 are not prepared for multiarch.
Don't depend on these so that openjdk-7 can be installed as a multiarch
package.
* Make the avian VM a known runtime.
* Fix 32bit hotspot build, don't set maximal heap space lower than
minimal heap space for the docs build.
* d/p/sane-library-paths.patch, d/p/ant-diagnostics.diff,
d/p/fix-race-cond-print.diff, d/p/gcc-hotspot-opt-O[02].diff,
d/p/gcc-mtune-generic.diff, d/p/openjdk-6986968.diff: Remove, not used.
* Remove unused shark/llvm-3.0 patches.
* d/p/zero-only-use-floating-point-if-floating-poi.patch: Remove, applied
upstream.
* Don't explicitly build with -march=i586 on i386 architectures.
* Re-apply zero-missing-headers.diff.
* Disable cacao builds, needs update for 7u7.
* For Ubuntu quantal, set priorities for alternatives higher than for
OpenJDK 6.
* Call update-alternatives when the existing priority for the alternative
is lower than the current one.
* Configure with --disable-downloading.
* Pass -avoid-version to libtool to create a JamVM libjvm.so without SONAME
version numbers to match the Hotspot Server/Client libjvm.so. LP: #850433.
* Revert the following change: Move libgnome2-0, libgnomevfs2-0, libgconf2-4
from Depends of JRE package to Recommends (#661465).
The proper fix is to create a -jdk-headless package, or not depending on
these gnome packages at all (e.g. using XDG libraries).
* New upstream IcedTea7 2.3.2 release.
* Security fixes:
- CVE-2012-4681: Reintroduce PackageAccessible checks removed in 6788531.
- S7079902, CVE-2012-1711: Refine CORBA data models.
- S7143606, CVE-2012-1717: File.createTempFile should be improved
for temporary files created by the platform.
- S7143614, CVE-2012-1716: SynthLookAndFeel stability improvement.
- S7143617, CVE-2012-1713: Improve fontmanager layout lookup operations.
- S7143851, CVE-2012-1719: Improve IIOP stub and tie generation in RMIC.
- S7143872, CVE-2012-1718: Improve certificate extension processing.
- S7152811, CVE-2012-1723: Issues in client compiler.
- S7157609, CVE-2012-1724: Issues with loop.
- S7160757, CVE-2012-1725: Problem with hotspot/runtime_classfile.
- S7165628, CVE-2012-1726: Issues with java.lang.invoke.MethodHandles.Lookup.
* Bump version to 7u7 (OpenJDK), 2.3.2 (IcedTea). Closes: #685276.
* d/p/icedtea7-forest-jdk_7104625-XEvent_wrap_logging_calls_with_if.patch,
d/p/hotspot-sparc.diff: Remove, integrated upstream.
* d/p/{deb-multiarch,fix_extra_flags,hotspot-no-werror}.diff:
Add variants for hotspot and zero builds.
* d/p/default-jvm-cfg.diff, d/p/icedtea-4953367.patch,
d/p/icedtea-patch.diff, d/p/icedtea-pretend-memory.diff,
d/p/libpcsclite-dlopen.diff, d/p/nonreparenting-wm.diff:
Update for 2.3.2.
* Remove build support for Ubuntu releases earlier than hardy.
* d/update-shasum.sh: Only update the shasums of the -dfsg tarballs.
* Don't apply shark patches (not built anyway).
* IcedTea7 2.1.7 release:
* Security fixes:
- S8007014, CVE-2013-0809: Improve image handling.
- S8007675, CVE-2013-1493: Improve color conversion.
* Backports:
- S8002344: Krb5LoginModule config class does not return proper KDC list
from DNS.
- S8004344: Fix a crash in ToolkitErrorHandler() in XlibWrapper.c.
- S8006179: JSR292 MethodHandles lookup with interface using findVirtual().
- S8006882: Proxy generated classes in sun.proxy package breaks JMockit.
* Bug fixes:
- PR1303: Correct #ifdef to #if
- Stop libraries being stripped in the OpenJDK build.
- PR1340: Simplify the rhino class rewriter to avoid use of concurrency.
- Revert 7017193 and add the missing free call, until a better fix is ready.
* IcedTea7 2.1.5 release:
* Security fixes:
- S6563318, CVE-2013-0424: RMI data sanitization.
- S6664509, CVE-2013-0425: Add logging context.
- S6664528, CVE-2013-0426: Find log level matching its name or value
given at construction time.
- S6776941: CVE-2013-0427: Improve thread pool shutdown.
- S7141694, CVE-2013-0429: Improving CORBA internals.
- S7173145: Improve in-memory representation of splashscreens.
- S7186945: Unpack200 improvement.
- S7186946: Refine unpacker resource usage.
- S7186948: Improve Swing data validation.
- S7186952, CVE-2013-0432: Improve clipboard access.
- S7186954: Improve connection performance.
- S7186957: Improve Pack200 data validation.
- S7192392, CVE-2013-0443: Better validation of client keys.
- S7192393, CVE-2013-0440: Better Checking of order of TLS Messages.
- S7192977, CVE-2013-0442: Issue in toolkit thread.
- S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective
proxies.
- S7200491: Tighten up JTable layout code.
- S7200493, CVE-2013-0444: Improve cache handling.
- S7200499: Better data validation for options.
- S7200500: Launcher better input validation.
- S7201064: Better dialogue checking.
- S7201066, CVE-2013-0441: Change modifiers on unused fields.
- S7201068, CVE-2013-0435: Better handling of UI elements.
- S7201070: Serialization to conform to protocol.
- S7201071, CVE-2013-0433: InetSocketAddress serialization issue.
- S8000210: Improve JarFile code quality.
- S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class.
- S8000539, CVE-2013-0431: Introspect JMX data handling.
- S8000540, CVE-2013-1475: Improve IIOP type reuse management.
- S8000631, CVE-2013-1476: Restrict access to class constructor.
- S8001235, CVE-2013-0434: Improve JAXP HTTP handling.
- S8001242: Improve RMI HTTP conformance.
- S8001307: Modify ACC_SUPER behavior.
- S8001972, CVE-2013-1478: Improve image processing.
- S8002325, CVE-2013-1480: Improve management of images.
* Backports:
- S7054590: (JSR-292) MethodHandleProxies.asInterfaceInstance()
accepts private/protected nested interfaces.
- S7175616: Port fix for TimeZone from JDK 8 to JDK 7.
- S8002068: Build broken: corba code changes unable to use new
JDK 7 classes.
- S8004341: Two JCK tests fails with 7u11 b06.
- S8005615: Java Logger fails to load tomcat logger implementation (JULI).
* IcedTea7 2.1.6 release:
* Security fixes:
- S8004937, CVE-2013-1484: Improve proxy construction.
- S8006439, CVE-2013-1485: Improve MethodHandles coverage.
- S8006446, CVE-2013-1486: Restrict MBeanServer access.
- S8006777, CVE-2013-0169: Improve TLS handling of invalid messages.
- S8007688: Blacklist known bad certificate.
* Backports:
- S7123519: problems with certification path.
- S8007393: Possible race condition after JDK-6664509.
- S8007611: logging behavior in applet changed.
* Fix font suggestion for indic fonts in wheezy.
* Fix fontconfig definitions for japanese and korean fonts, fixing
compilation of the fontconfig file.
* Add Built-Using: rhino attribute for the -lib package.
* Don't use concurrent features to rewrite the rhino jar file.
* Enable class data sharing for the hotspot server VM.
* Enable bootstrap builds for alpha.
* Explicitly disable building on mips/mipsel. Not supported by the
Debian OpenJDK maintainers, the Debian mips porters, or the Debian
Java team.
* IcedTea7 2.1.4 release.
* Security fixes
- S8004933, CVE-2012-3174: Improve MethodHandle interaction with libraries
- S8006017, CVE-2013-0422: Improve lookup resolutions
- S8006125: Update MethodHandles library interactions
* Loosen OpenGL dependency. Closes: #695028.
* Fix error parsing drop files parameter from pcmanfm (Alberto Fernández
Martínez). Closes: #695992.
* IcedTea7 2.1.3 release.
* Security fixes
- S6631398, CVE-2012-3216: FilePermission improved path checking.
- S7093490: adjust package access in rmiregistry.
- S7143535, CVE-2012-5068: ScriptEngine corrected permissions.
- S7158796, CVE-2012-5070: Tighten properties checking in EnvHelp.
- S7158807: Revise stack management with volatile call sites.
- S7163198, CVE-2012-5076: Tightened package accessibility.
- S7167656, CVE-2012-5077: Multiple Seeders are being created.
- S7169884, CVE-2012-5073: LogManager checks do not work correctly for
sub-types.
- S7169887, CVE-2012-5074: Tightened package accessibility.
- S7169888, CVE-2012-5075: Narrowing resource definitions in JMX RMI
connector.
- S7172522, CVE-2012-5072: Improve DomainCombiner checking.
- S7186286, CVE-2012-5081: TLS implementation to better adhere to RFC.
- S7189103, CVE-2012-5069: Executors needs to maintain state.
- S7189490: More improvements to DomainCombiner checking.
- S7189567, CVE-2012-5085: java net obselete protocol.
- S7192975, CVE-2012-5071: Issue with JMX reflection.
- S7195194, CVE-2012-5084: Better data validation for Swing.
- S7195549, CVE-2012-5087: Better bean object persistence.
- S7195917, CVE-2012-5086: XMLDecoder parsing at close-time should be
improved.
- S7195919, CVE-2012-5979: (sl) ServiceLoader can throw CCE without
needing to create instance.
- S7196190, CVE-2012-5088: Improve method of handling MethodHandles.
- S7198296, CVE-2012-5089: Refactor classloader usage.
- S7158801: Improve VM CompileOnly option.
- S7158804: Improve config file parsing.
- S7198606, CVE-2012-4416: Improve VM optimization.
* Backports
- S7175845: "jar uf" changes file permissions unexpectedly.
- S7177216: native2ascii changes file permissions of input file.
- S7106773: 512 bits RSA key cannot work with SHA384 and SHA512.
- S7158800: Improve storage of symbol tables.
* Make the avian VM a known runtime.
* Pass -avoid-version to libtool to create a JamVM libjvm.so without SONAME
version numbers to match the Hotspot Server/Client libjvm.so. LP: #850433.
* IcedTea7 2.1.2 release.
* Security fixes
- CVE-2012-4681, S7162473: Reintroduce PackageAccessible checks removed
in 6788531.
- S7162476, CVE-2012-1682: XMLDecoder security issue via ClassFinder.
- S7194567, CVE-2012-3136: Improve long term persistence of java.beans
objects.
- S7163201, CVE-2012-0547: Simplify toolkit internals references.
* d/p/hotspot-sparc.diff: Remove, integrated upstream.
* Stop running the mauve tests.
* d/rules: Ensure we don't remove -02 (default) when -03 is disabled
(fix jamvm FTBFS on armhf without -02).
* d/patches/gcc-jdk-opt-O0.diff, d/patches/gcc-jdk-opt-O2.diff,
d/patches/gcc-no-hardening.diff, d/patches/gcc-opt-O2.diff: removed.
* d/rules: On Debian Wheezy/Sid bump Build-Depends on libnss3-dev
(>= 2:3.13.4) and Depends on libnss3 (>= 2:3.13.4) (ie. with epoch).
(Closes: #679465).
* d/control: Suggests icedtea-7-plugin instead of icedtea6-plugin
(Closes: #680284).
* d/patches/7130140-MouseEvent-systemout.diff: Remove "MEvent. CASE!" from
console output. (Closes: #679036).
* Disable -O3 compile: cause wrong Math.* computations.
(Closes: #679292 and Closes: #678228). LP: #1044857.
* debian/patches/FreetypeFontScaler_getFontMetricsNative.diff:
Fix "OpenJDK returns the text height greater than font size".
(Closes: #657854)
* New upstream release with security fixes (Closes: #677486):
- S7079902, CVE-2012-1711: Refine CORBA data models
- S7110720: Issue with vm config file loadingIssue with
vm config file loading
- S7143606, CVE-2012-1717: File.createTempFile should be improved
for temporary files created by the platform.
- S7143614, CVE-2012-1716: SynthLookAndFeel stability improvement
- S7143617, CVE-2012-1713: Improve fontmanager layout lookup operations
- S7143851, CVE-2012-1719: Improve IIOP stub and tie generation in RMIC
- S7143872, CVE-2012-1718: Improve certificate extension processing
- S7145239: Finetune package definition restriction
- S7152811, CVE-2012-1723: Issues in client compiler
- S7157609, CVE-2012-1724: Issues with loop
- S7160677: missing else in fix for 7152811
- S7160757, CVE-2012-1725: Problem with hotspot/runtime_classfile
- S7165628, CVE-2012-1726: Issues with
java.lang.invoke.MethodHandles.Lookup
* Patches merged upstream:
- debian/patches/arm-thumb-fix.diff
- debian/patches/gcc-4.7.diff
[ James Page ]
* Cherry picked patch from openjdk-6 to fix handling of
ICC profiles (LP: #888123, #888129) (Closes: #676351).
[ Damien Raude-Morvan ]
* Move libgnome2-0, libgnomevfs2-0, libgconf2-4 from Depends of JRE package
to Recommends (Closes: #661465).
* New jni_md_h_JNIEXPORT_visibility.patch to allow JNIEXPORT definition
to work with -fvisibility=hidden. (Closes: #670896).
* Don't mark the -demo package as Multi-Arch same. Closes: #670038.
* Build using gcc-4.4 on mips, mipsel.
* Build again with older gcj version on s390 (4.6).
* Default to the ARM assembler interpreter instead to JamVM on
ARM. LP: #993380.
* Use the /usr/bin path for the policytool desktop file. LP: #980205.
Closes: #670037.
* Regenerate the control file.
* Update from the IcedTea7-2.1 release branch (20110410).
* Install desktop files again, using the common /usr/bin/java
interpreter name.
* Build-depend on libpng-dev for newer releases. Closes: #662452.
* Let dlopen handle finding the libpcsclite library. LP: #898689.
* Build-depend on fonts-ipafont-mincho, fixing a build failure in the
fontconfig compiler (find out why it breaks ...).
* Build using gcc-4.7/gcj-4.7 for sid/wheezy, fix build failure.
* Remove `-icedtea' suffix from the release identification.
* Fix arm thumb build, update taken from IcedTea6.
[ Matthias Klose ]
* Don't install the binary fontconfig file. LP: #964303.
[ Damien Raude-Morvan ]
* Remove libxp-dev check in configure.ac, it's not needed anymore
(Closes: #657260) and so drop build dependency on libxp-dev.
* Fix FTBFS with glib 2.32 by adding explicit dependency gthread-2.0.pc
(Closes: #665666).
* Use libpng-dev instead of libpng12-dev for wheezy/sid (Closes: #662453).
* d/rules,Makefile.am: Improve handling of dpkg-buildflags: don't overwrite
CFLAGS of hotspot but use EXTRA_* flags into icedtea and openjdk Makefile.
(Closes: #661695).
* d/rules: Build everything with -03 opt level (jamvm, cacao and jdk)
* d/patches/kfreebsd-support-*.diff: Refresh kfreebsd patches and
fix FTBFS on k-i386 (ie. at least on a sid VM).
* Backport S7104625 as d/patches/icedtea7-forest-jdk_7104625*.patch
to check for logging to prevent wasted CPU (Closes: #651423).
[ Matthias Klose ]
* Use NanumMyeongjo as the preferred korean font. LP: #792471.
* Fix crash in java.net.NetworkInterface.getNetworkInterfaces() when
ifr_ifindex exceeds 255. LP: #925218. S7078386.
* Use IPAfont as the preferred japanesse font. Closes: #646054.
* Build using gcj on alpha and armel. Closes: #655750.
[ Damien Raude-Morvan ]
* d/patches/sparc-stubgenerator.diff: Fix FTBFS on sparc on
stubGenerator_sparc.cpp by using explicit class typedef
(Closes: #660871).
* d/patches/fix_extra_flags.diff: Improve support for hardened build,
also send flags to jdk build and send -Wl,-z,relro during hotspot link.
* Bump Standards-Version to 3.9.3: no changes needed.
* d/control: Don't use nonexistent dlopenjl:Recommends substvar,
replaced by dlopenhl:Recommends.
* d/*.{prerm,postrm}: Use set -e inside script instead of sh -e shebang.
* Cleanup lintian-overrides.
* Make sure that the nss.cfg doesn't mention any library path.
LP: #939361, #939419.
* Disable the accessibility wrapper, doesn't work yet. LP: #935296.
[ Damien Raude-Morvan ]
* d/patches/jexec.diff: Dropped, uneeded and not compatible with multi-arch.
* d/rules: Use dpkg-buildflags to enable hardened build.
(Closes: #660021).
[ Matthias Klose ]
* Merge r522 from openjdk6:
- Make upgrades from non-multiarch to multiarch builds more silent.
- Fix order of grant decls in java.policy.
- Make doc files multi-arch installable.
- JB-archive.applications.in: Use /usr/bin/java by default. Maybe
should be moved to the default-jdk package.
* Explicitly look for the gthread-2.0 pkgconfig module.
* Update icedtea7 2.1 (OpenJDK7 ~u3 release):
- Check for logging to prevent wasted CPU (Closes: #651423).
* Fix following security issues:
- S7082299, CVE-2011-3571: Fix in AtomicReferenceArray
- S7088367, CVE-2011-3563: Fix issues in java sound
- S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method
- S7110687, CVE-2012-0503: Issues with TimeZone class
- S7110700, CVE-2012-0505: Enhance exception throwing mechanism in
ObjectStreamClass
- S7110704, CVE-2012-0506: Issues with some method in corba
- S7112642, CVE-2012-0497: Incorrect checking for graphics rendering object
- S7118283, CVE-2012-0501: Better input parameter checking in zip file
processing
- S7126960, CVE-2011-5035: Add property to limit number of request headers
to the HTTP Server
[ Matthias Klose ]
* openjdk-7-jre-lib: Mark as Multi-Arch: foreign.
[ Damien Raude-Morvan ]
* Merge r501-521 from openjdk6:
- Fix plugin name in jinfo file.
- Fix build flags for cppInterpreter_arm.o.
- Use java-atk-wrapper instead of java-access-bridge for accessibility.
- Make the java.policy file multi-arch installable.
- Don't install desktop and menu files for multiarch builds.
Needs a better solution.
- Don't install an alternative for the deprecated apt tool.
- Make the upgrade from a non-multiarch installation location more
robust; don't depend on version numbers, but check the path of the
alternatives.
- Disable test for armel and powerpc (broken on buildd)
* d/rules: Make symbolic links to src.zip on /usr/lib/jvm/java-7-openjdk-amd64
like openjdk-6-jdk (Closes: #649618).
* d/rules: Pass -n to gzip when compressing manpages to be Multi-Arch: same safe.
* d/rules: Add build-arch/build-indep target.
* d/rules: Re-enable Cacao VM!
* d/{rules,control}: Only rhino 1.7R3 is supported by openjdk7, update B-D.
* d/patches/hotspot-s390.diff: Update for latest Hotspot.
* d/patches/icedtea-patch.diff: Move nssLibraryDirectory handling to d/rules.
* d/rules: Remove --with-*-drop-zip options, as code drops are embedded.
* d/patches/hsx23-zero.patch, patches/shark-compiler-fixes.patch:
Fix FTBFS for Zero under Hotspot >= v22.
* d/patches/kfreebsd-*: Refreshed.
* d/control: Make openjdk-7-source:all package binNMU-able by using
Depends ">=" on openjdk-7-jre (ie. src.zip won't change).
* New upstream IcedTea7 release.
- S7000600, CVE-2011-3547: InputStream skip() information leak.
- S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor.
- S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow.
- S7032417, CVE-2011-3552: excessive default UDP socket limit under
SecurityManager.
- S7046794, CVE-2011-3553: JAX-WS stack-traces information leak.
- S7046823, CVE-2011-3544: missing SecurityManager checks in scripting
engine.
- S7055902, CVE-2011-3521: IIOP deserialization code execution.
- S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress error
checks.
- S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack
against SSL/TLS (BEAST).
- S7070134, CVE-2011-3558: HotSpot crashes with sigsegv from PorterStemmer.
- S7077466, CVE-2011-3556: RMI DGC server remote code execution.
- S7083012, CVE-2011-3557: RMI registry privileged code execution.
- S7096936, CVE-2011-3560: missing checkSetFactory calls in
HttpsURLConnection.
[ Matthias Klose ]
* Merge debian packaging r501 from openjdk-6:
- Tighten inter-package dependencies for Debian builds. Closes: #641240.
* Build-depend on wdiff.
* d/rules: Fix java.policy to include jre/lib/ext/* files (instead of
non-existant ext/*). It'll restore privilegied access from sunpkcs11.jar
to sun.* code.
* d/patches/s390_hotspot_fix.diff: Update to fix FTBFS on s390.
* Update to IcedTea7 (20110928).
[ Matthias Klose ]
* Merge debian packaging r496 from openjdk-6:
- Fix dangling java-1.7.0-openjdk symlink for non-multiarch builds.
[ Damien Raude-Morvan ]
* d/rules: --disable-compile-against-syscalls for kFreeBSD (since there is
no epoll support).
* Update patches:
- d/patches/sun-awt-buildsystem.diff: Drop, merged upstream.
- d/patches/icedtea-override-redirect-compiz.patch: Refresh.
- d/patches/s390_hotspot_fix.diff: Extracted (instead of direct patch).
* Add Build-Depends on libattr1-dev.
* Update to IcedTea7 (20110914).
- d/patches/jdk-no-mapfile.diff: Drop, merged in icedtea7-forest
(for real this time).
- d/patches/sun-awt-buildsystem.diff: Fix icedtea7-forest awt build.
* d/patches/kfreebsd-support-jdk.diff: Refresh.
* d/patches/icedtea-patch.diff: Remove usage of nssLibraryDirectory because
while it works for nss3, it fails for softokn3 (since the latter is
in nss/ subdirectory). Without this parameter, openjdk-7 will rely on
default ld.so behavior. (Closes: #637337, #638008)
In openjdk-6, nssLibraryDirectory was not used to load softokn3 (Secmod).
* d/control: openjdk-7-jre Provides java7-runtime, openjdk-7-jre-headless
Provides java7-runtime-headless and openjdk-7-jdk Provides java7-jdk.
(Closes: #641668).
* Update to IcedTea7 (20110906):
- JamVM: support for armhf and other various fixes.
* Upload to unstable.
* Regenerate control file for debian unstable.
* Makefile.am: Force JAVA_HOME for ant call to --with-jdk-home value (without
this, it defaults to existing JAVA_HOME env or /usr/bin/java link)
* Merge debian packaging r491 from openjdk-6:
- Move the -lib files into a different location so that the java-7-openjdk
name can be used as a symlink.
- Symlink the jre/cmm directory, instead of the files inside. Closes: #639883.
* Regenerate the control file.
* Merge debian packaging r485:489 from openjdk-6:
- Build using GCC-4.4 on sparc and sparc64.
- Enable testsuite runs in s390x.
* Merge debian packaging r490 from openjdk-6:
- Set plugin name for the jinfo file. Closes: #638548,
- Disable the mauve testsuite on i386.
- Make the installation multiarch aware.
* d/patches/jdk-no-mapfile.diff: Re-add was not merged into
current (e46d527097f1) revision but latter.
* Update to IcedTea7 (20110821):
- JamVM updates.
- S7070134,S7044738,S7068051,S7073913: Fix random segfaults
and related invalid results from loop unroll optimization.
- d/patches/jdk-no-mapfile.diff: Drop, merged in icedtea7-forest.
[ Matthias Klose ]
* Build using GCC-4.4 on mips/mipsel. Closes: #628620.
* Merge debian packaging r482:485 from openjdk-6:
- Call dbus-launch --exit-with-session in testsuite. Closes: #612394.
- Build for s390x using Zero.
[ Damien Raude-Morvan ]
* d/patches/kfreebsd-support-hotspot.diff: Add workaround
to handle #637378.
* d/generate-dfsg-zip.sh: Update to also handle langtools.tar.gz.
Closes: #623693.
* d/patches/kfreebsd-support-hotspot.diff: Fix access to CPU registry under
kfreebsd-amd64.
* d/patches/kfreebsd-support-jamvm.diff: Add support for kfreebsd-amd64.
* d/patches/kfreebsd-support-hotspot.diff: Small fixes for Hotspot on
kfreebsd-i386.
* Split d/patches/hotspot-s390.diff and zero-missing-headers.diff.
* Re-add missing changes from last upload:
- patches/use-idx_t.patch: Edit upstream patch to avoid FTBFS on s390.
- Makefile.{am,im}: Force bootclasspath (useful when building from
openjdk-6).
* Update to icedtea7-forest snapshot (20110804):
- d/patches/pr753.diff: drop, merged in icedtea7-forest.
- d/patches/pr757.diff: drop, merged in icedtea7-forest.
- d/patches/zero-jsr292-fixes.diff: drop, merged in icedtea7-forest.
- d/patches/no-compiler-path.diff: drop, now handled correctly icedtea7's
configure and openjdk's Makefile (by CC and CXX environment variables).
- Updated JamVM to the 2011-08-01 revision.
[ Damien Raude-Morvan ]
* d/patches/zero-fpu-control-is-noop.diff: Remove ShouldNotCallThis from
os_linux_zero.cpp (fix crash under i386).
* d/rules: Enable support for GNU/kFreeBSD arch:
- d/patches/kfreebsd-support-*: Update with latest fixes.
- d/patches/kfreebsd-sync-issues.diff: hack to force some wait
until we fix sync issues.
- d/rules: Enable shark for GNU/kFreeBSD.
* d/rules: Use DEB_HOST_ARCH_CPU for jvmarch/archdir. Thanks to
Jérémie Koenig <jk@jk.fr.eu.org> for patch.
* d/patches/jexec.diff: Update for openjdk-7.
* d/JB-jdk.overrides.in: Fix override for new Lintian 2.5.0 path handling.
* d/icedtea-7-jre-jamvm.overrides: As for others libjvm.so, we use
--strip-debug instead of --strip-unneeded.
* d/source.lintian-overrides: Drop, not used anymore in openjdk-7.
[ Matthias Klose ]
* Merge debian packaging r472:482 from openjdk-6:
- openjdk-6-jre-headless: Depend on icedtea-6-jre-jamvm, if it's
the default VM.
- Use gcj-4.4 as the stage1 java VM on mips and mipsel.
- Make JamVM the default VM on Ubuntu oneiric/ARM.
* New b147 code drop (OpenJDK7 RC1).
[ Matthias Klose ]
* Fix build on sparc64.
* Recognize 32bit user space on sparc.
* Build shark using llvm-2.9.
[ Damien Raude-Morvan ]
* d/patches/zero-jsr292-fixes.diff: Fixes on Zero/Shark for JSR 292 support
from Chris Phillips <ChrisPhi@lgonqn.org>.
* d/generate-dfsg-zip.sh: Update for OpenJDK7 as a first step to get #623693
fixed.
* d/patches/kfreebsd-*: WiP patches for GNU/kFreeBSD support
(not yet enabled by default).
* Upload to experimental.
* Fix zero builds on non-ix86 architectures.
* Fix build on sparc.
* Build using jpeg8.
[ Damien Raude-Morvan ]
* New b143 code drop.
* Drop d/patches/7031385.diff: Merged upstream.
* Drop d/patches/jamvm-oj7.patch: Merged upstream.
* Manpages are now ja_JP.UTF-8 instead of ja_JP.eucJP
[ Matthias Klose ]
* Apply fix for IcedTea issue #753, #757.
* Update s390 hotspot build fixes.
* Re-enable zero on i386.
* Disable zero on i386.
* Upload to oneiric.
[ Matthias Klose ]
* Fix non-bootstrap builds.
* Merge debian packaging r469:472 from openjdk-6.
* Run jtreg tests using JamVM too.
* Don't run the jtreg tests with the NSS security provider enabled.
* Update JamVM to 20110528.
* Re-enable the zero build, keep the shark builds disabled.
[ Damien Raude-Morvan ]
* Only apply jamvm-oj7.patch when jamvm build in enabled.
* New upstream release: Icedtea 1.14.
- debian/patches/jamvm-oj7.patch: support new instruction
(JVM_FindClassFromBootLoader) in JamVM.
- Makefile.am: Fix some missing depends between
patch and extract targets.
* debian/patches/nonreparenting-wm.diff: Update.
* Replace B-D on libxalan2-java by xsltproc for bootstrapping JMVTI.
* Don't use GCJ_SUFFIX=4.6 for sid/wheezy/oneiric as GCJ version
is not homogeneous between arch.
* Enable JamVM support:
- d/control: Add B-D on libtool.
* Re-add build dependency on fastjar.
* Fix dependency on liblcms2-2.
* Fix liblcms dependency for -jre-headless package.
* Re-add build dependency on fastjar.
* Fix build failure on i386 with GCC 4.6.
[ Damien Raude-Morvan ]
* New b136 code drop:
- d/rules: Use jaxp-1_4_5-dev1.zip as jaxp-drop-zip.
- d/patches/icedtea-pretend-memory.diff: Refreshed.
[ Matthias Klose ]
* Fix -jre-lib dependency on -jre. Closes: #624846.
* Add lcms configury.
* Remove obsolete conflicts. Closes: #624090.
* Add copyright for the rewriter class. Addresses part of #623693.
* Lower priorities for the alternatives below these of OpenJDK 6,
as long as OpenJDK 7 is not yet released.
* Don't build HotSpot with -Werror on architectures other than amd64
and i386.
* New b130 code drop.
* Merge debian packaging r464:469 from openjdk-6.
* Do not bump the epoch, package was never uploaded to any official
repository.
* New b129 code drop.
* Bump epoch to 1 and use ~ to indicate that's not openjdk-7 final relaase.
* New b128 code drop.
* Exclude "release" file for dh_install.
* Merge debian packaging r446:464 from openjdk-6
but keep the following changes :
- Replace DISABLE_PRECOMPILED_HEADER=1 by USE_PRECOMPILED_HEADER=0
- Use "ant, ant-optionnal" for all distrel
- Drop "with_hotspot" variable (only one hotspot supported by IcedTea7)
- Drop --enable-xrender (not supported by IcedTea7)
* New b125 code drop:
- d/rules: Use new archives by --with-*-src-zip
* Refresh patches:
- d/patches/shebang.diff: Year updated
- d/patches/ld-symbolic-functions.diff and
d/patches/no-compiler-path.diff: Changed corba generic Makefiles.
- d/patches/default-jvm-cfg.diff and d/patches/set-exec-name.diff:
Upstream merged "solaris" and "linux" java.c and java_md.c
* Drop patches:
- d/patches/too-many-args-ftbfs.diff (merged upstream)
- d/patches/sparc.diff (merges upstream)
- d/patches/hotspot-include-fixes.diff (includeDB dropped upstream)
* Build for lucid.
* Build openjdk-7 snapshot (7b106)
* Symlink timezone data.
* Disable shark builds, currently broken in 7b106.
* Update to the IcedTea 1.13 release.
* openjdk-7-jre: Recommend ttf-dejavu-extra. LP: #569396.
* Include docs in the -doc package. LP: #600834.
* Update from the IcedTea6 trunk.
- Plugin and netx fixes.
- Don't link the plugin against the libxul libraries. Closes: #576361.
- More plugin cpu usage fixes. Closes: #584335, #587049.
- Plugin: fixes AppletContext.getApplets().
* Fix Vcs-Bzr location. Closes: #530883.
* Search for unversioned llvm-config tool.
* Don't set XFILESEARCHPATH and NLSPATH on startup. LP: #586641.
* Fix chinese font metrics and prefer using 'WenQuanYi Micro Hei' font.
LP: #472845.
* Strip libjvm.so with --strip-debug instead of --strip-unneeded.
LP: #574997.
* Fix inter-package dependencies.
[ Damien Raude-Morvan ]
* Merge debian packaging r403:430 from openjdk-6.
* Add myself to Uploaders.
* Build openjdk-7 snapshot (7b89)
* Use ant+ant-optional (IcedTea7 support ant 1.8).
* Merge debian packaging r431:436 from openjdk-6.
[ Matthias Klose ]
* Merge debian packaging r430:445 from openjdk-6.
* Update debian patches to 7b89.
* Reenable the two stage build.
* Reenable building cacao.
* Reenable building zero.
* Build openjdk-7 snapshot (7b77).
* Merge debian packaging r391:403 from openjdk-6.
* Build openjdk-7 snapshot (7b72).
* Merge debian packaging r371:391 from openjdk-6.
* Disable the zero build for now.
* Build openjdk-7 snapshot (7b66).
* Merge debian packaging r362:371 from openjdk-6.
* Reenable the build of zero.
* Reapply fontconfig patch.
* Apply icedtea-cacao-no-mmap-first-page patch.
* Build openjdk-7 snapshot (7b59).
* Merge debian packaging r205:362 from openjdk-6.
* Add build dependency on libxrender-dev.
* Don't use fastjar on ia64, working around a build failure.
* Add configury for shark builds.
* Build openjdk-7 snapshot (7b40).
* Update packaging for openjdk-7.
* IcedTea6 1.10.1 release.
* Upload to experimental.
* Update from the IcedTea6-1.10 release branch (20110325).
* Add multiarch directories to the default library path. LP: #737603.
* Fix JamVM build on mips/mipsel (Robert Lougher).
* Re-enable the JamVM build on mips/mipsel.
* Mention that IcedTea is copyrigh GPLv2 + "CLASSPATH" EXCEPTION.
Closes: #611269.
* Don't run the jdk checks for the alternate builds (hotspot and
langtools checks are still run).
* Disable the JamVM build on mips/mipsel.
* Upload to experimental.
* Disable the jdk tests with the Shark, JamVM and Cacao VMs.
* IcedTea6 1.10 release.
* Update from the IcedTea6 trunk (20110224).
* icedtea-6-jre-jamvm: Build JamVM as an alternative VM,
start with `java -jamvm'.
* Update from the IcedTea6 trunk (20110217).
* Update hotspot hs20 (not yet enabled).
* Add ppc64 packaging bits.
* Upload to experimental.
* Update to 6b21.
* Fix shark build on powerpc.
* Update from the IcedTea6 trunk (20101223).
* Update from the IcedTea6 trunk (20101126).
* Update hotspot hs19.
* Fix build failures on ia64, s390 and sparc64.
* Reenable shark on amd64, but build using llvm-2.7.
* Don't try to set up an alternative for javaws
* Stop building zero/shark on amd64. Fails the self tests.
* Don't include OpenJDK's javaws either.
* openjdk-6-jre: Recommend icedtea-netx.
* Update from the IcedTea6 trunk (20101020).
* Remove the plugin and javaws from the packaging, removed upstream.
* Build with hotspot 19.
* Snapshot, taken from the IcedTea6 trunk (20101013).
* Upload to experimental.
* IcedTea6 1.9.2 release.
- CVE-2010-3860: Fix IcedTea System property information leak via
public static.
* Build using Hotspot hs19.
* Start metacity using dbus-launch, when running the testsuite. LP: #632594.
* Move all japanese man pages belonging to the jre into the -jre package.
Closes: #600765.
* Add -jdk replaces for -jre and -jre-headless. Closes: #600809.
* Fix upgrade to symlinked timezone data. Closes: #600359.
* Move all japanese man pages belonging to the jre into the -jre package.
Closes: #600765.
* Upload to experimental.
* IcedTea6 1.9.1 release.
- Security updates:
- S6914943, CVE-2009-3555: TLS: MITM attacks via session renegotiation.
- S6559775, CVE-2010-3568: OpenJDK Deserialization Race condition.
- S6891766, CVE-2010-3554: OpenJDK corba reflection vulnerabilities.
- S6925710, CVE-2010-3562: OpenJDK IndexColorModel double-free.
- S6938813, CVE-2010-3557: OpenJDK Swing mutable static.
- S6957564, CVE-2010-3548: OpenJDK DNS server IP address information
leak.
- S6958060, CVE-2010-3564: OpenJDK kerberos vulnerability.
- S6963023, CVE-2010-3565: OpenJDK JPEG writeImage remote code execution.
- S6963489, CVE-2010-3566: OpenJDK ICC Profile remote code execution.
- S6966692, CVE-2010-3569: OpenJDK Serialization inconsistencies.
- S6622002, CVE-2010-3553: UIDefault.ProxyLazyValue has unsafe
reflection usage.
- S6623943: javax.swing.TimerQueue's thread occasionally fails to start.
- S6925672, CVE-2010-3561: Privileged ServerSocket.accept allows
receiving connections from any host.
- S6952017, CVE-2010-3549: HttpURLConnection chunked encoding issue
(Http request splitting).
- S6952603, CVE-2010-3551: NetworkInterface reveals local network
address to untrusted code.
- S6961084, CVE-2010-3541: limit setting of some request headers in
HttpURLConnection.
- S6963285, CVE-2010-3567: Crash in ICU Opentype layout engine due to
mismatch in character counts.
- S6980004, CVE-2010-3573: limit HTTP request cookie headers in
HttpURLConnection.
- S6981426, CVE-2010-3574: limit use of TRACE method in
HttpURLConnection.
- Plugin fixes.
- Backports from newer IcedTea releases.
* Upload to experimental.
* IcedTea6 1.9 release.
* Update from the IcedTea6 trunk.
* Really let the build fail on armel.
* Update from the IcedTea6 trunk.
- (CVE-2010-2783): IcedTea 'Extended JNLP Services' arbitrary file access.
- (CVE-2010-2548): IcedTea incomplete property access check for unsigned
applications
* openjdk-6-jre: Recommend ttf-dejavu-extra. LP: #569396.
* Explicitely fail the build on armel. The ARM assembler interpreter is
disabled and would a 3-5x performance regression compared to the current
6b18 armel binaries in the archive.
* Upload to experimental.
* Include docs in the -doc package. LP: #600834.
* Update from the IcedTea6 trunk.
- Plugin and netx fixes.
- Don't link the plugin against the libxul libraries. Closes: #576361.
- More plugin cpu usage fixes. Closes: #584335, #587049.
- Plugin: fixes AppletContext.getApplets().
* Fix Vcs-Bzr location. Closes: #530883.
* Search for unversioned llvm-config tool.
* Don't set XFILESEARCHPATH and NLSPATH on startup. LP: #586641.
* Fix chinese font metrics and prefer using 'WenQuanYi Micro Hei' font.
LP: #472845.
* Strip libjvm.so with --strip-debug instead of --strip-unneeded.
LP: #574997.
* Upload to experimental.
* Shark & CACAO build fixes.
* Update to 6b20 code drop.
* Update from the 1.8 branch.
- Plugin and netx fixes.
- Don't link the plugin against the libxul libraries. Closes: #576361.
- More plugin cpu usage fixes. Closes: #584335, #587049.
- Plugin: fixes AppletContext.getApplets().
- Fix race conditions in plugin initialization code that were causing
hangs when loading multiple applets in parallel.
* Fix Vcs-Bzr location. Closes: #530883.
* Search for unversioned llvm-config tool.
* Don't set XFILESEARCHPATH and NLSPATH on startup. LP: #586641.
* Fix chinese font metrics and prefer using 'WenQuanYi Micro Hei' font.
LP: #472845.
* Strip libjvm.so with --strip-debug instead of --strip-unneeded.
LP: #574997.
* Don't turn on the ARM assembler interpreter when building the shark
VM.
* Update from the 1.8 branch.
- Plugin fixes. LP: #597714.
* Add powerpcspe build fixes (Sebastian Andrzej Siewior). Closes: #586359.
* Work around build failure on buildds configured with low ARG_MAX
(Giovanni Mascellani). Closes: #575254.
* Update from the 1.8 branch.
- Plugin fixes. LP: #597714.
* Add powerpcspe build fixes (Sebastian Andrzej Siewior). Closes: #586359.
* Work around build failure on buildds configured with low ARG_MAX
(Giovanni Mascellani). Closes: #575254.
* Search for unversioned llvm-config tool.
* Upload to maverick.
* Update from the 1.8 branch.
- Fix build on Hitachi SH. Closes: #575346.
- Shark and Zero fixes.
* Build shark using llvm-2.7.
* Don't use shark to run the test harness when testing the shark build.
* README.Debian: Add paragraph about debugging the IcedTea NPPlugin.
* Upload to unstable.
* Update IcedTea6 to the icedtea6-1.8 release.
* Fix builds on Ubuntu/dapper and Debian/lenny.
* On hppa, configure --without-rhino --disable-plugin.
* Fix Hitachi SH configury. Closes: #575346.
* Start a window manager when running the tests. Prefer metacity,
as more tests pass with it.
* Let XToolkit.isTraySupported() return true, if Compiz is running.
Works around sun#6438179. LP: #300948.
* Make <java_home>/jre/lib/security/nss.cfg a config file.
* Fail in the configuration of the packages, if /proc is not mounted.
java currently uses tricks to find its own shared libraries depending
on the path of the binary. Will be changed in OpenJDK7. Closes: #576453.
* Fix PR icedtea/469, testsuite failures with the NSS based security
provider. LP: #556549.
* Do not pass LD_LIBRARY_PATH from the plugin to the java process.
While libnss3.so gets loaded from /usr/lib, the dependent libraries
are loaded from MOZILLA_FIVE_HOME (See #561216 for the wrong firefox
config). LP: #561124.
Closes as well: LP: #551328, #554909, #560829, #549010, #553452.
* Always build shark with hs14.
* Build-depend on xulrunner-1.9.2-dev instead of xulrunner-dev,
unexpectedly demoted to universe.
* icedtea6-plugin: Hardcode dependency on xulrunner-1.9.2. No way
to do better? See #552780.
* Fix builds on Ubuntu hardy.
* Upload to unstable.
* Fix typo in NPPlugin code. LP: #552287.
[ Matthias Klose ]
* Update IcedTea6 form the 1.8 branch.
* SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes:
- (CVE-2010-0837): JAR "unpack200" must verify input parameters (6902299).
- (CVE-2010-0845): No ClassCastException for HashAttributeSet constructors
if run with -Xcomp (6894807).
- (CVE-2010-0838): CMM readMabCurveData Buffer Overflow Vulnerability
(6899653).
- (CVE-2010-0082): Loader-constraint table allows arrays instead of
only the base-classes (6626217).
- (CVE-2010-0095): Subclasses of InetAddress may incorrectly interpret
network addresses (6893954) [ZDI-CAN-603].
- (CVE-2010-0085): File TOCTOU deserialization vulnerability (6736390).
- (CVE-2010-0091): Unsigned applet can retrieve the dragged information
before drop action occurs (6887703).
- (CVE-2010-0088): Inflater/Deflater clone issues (6745393).
- (CVE-2010-0084): Policy/PolicyFile leak dynamic ProtectionDomains
(6633872).
- (CVE-2010-0092): AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR
error (6888149).
- (CVE-2010-0094): Deserialization of RMIConnectionImpl objects should
enforce stricter checks (6893947) [ZDI-CAN-588].
- (CVE-2010-0093): System.arraycopy unable to reference elements
beyond Integer.MAX_VALUE bytes (6892265).
- (CVE-2010-0840): Applet Trusted Methods Chaining Privilege Escalation
Vulnerability (6904691).
- (CVE-2010-0848): AWT Library Invalid Index Vulnerability (6914823).
- (CVE-2010-0847): ImagingLib arbitrary code execution vulnerability
(6914866).
- (CVE-2009-3555): TLS: MITM attacks via session renegotiation.
- 6639665: ThreadGroup finalizer allows creation of false root
ThreadGroups.
- 6898622: ObjectIdentifer.equals is not capable of detecting incorrectly.
encoded CommonName OIDs.
- 6910590: Application can modify command array in ProcessBuilder.
- 6909597: JPEGImageReader stepX Integer Overflow Vulnerability.
- 6932480: Crash in CompilerThread/Parser. Unloaded array klass?
- 6898739: TLS renegotiation issue.
[ Torsten Werner ]
* Switch off IPV6_V6ONLY for IN6_IS_ADDR_UNSPECIFIED addresses, too.
(Closes: #575163)
[ Matthias Klose ]
* Update IcedTea build infrastructure (20100321).
* Update support for SH4 (Nobuhiro Iwamatsu).
* Handle renaming of the plugin name.
[ Torsten Werner ]
* Improve patch for IPv4 mapped IPv6 addresses even more.
(Closes: #573742)
* Fix build failure on ARM.
* Upload to lucid.
* Update IcedTea build infrastructure (20100310).
* Disable building the plugin the plugin on alpha (borked xulrunner
packaging using binary indep packages).
* Use a two stage build on alpha.
* Add note about the reparenting WM workaround. Closes: #573026.
* Prefer Sazanami instead of Kochi for Japanese fonts (Hideki Yamane).
Closes: #572511.
* openjdk-6-doc: Don't compress package-list files. Closes: #567899.
* Improve patch for IPv4 mapped IPv6 addresses.
* Add a patch for improved handling of IPv4 mapped IPv6 addresses.
(Closes: #560056, #561930, #563699, #563946)
* Change Build-Depends: ant1.7-optional because of a bus error in gij.
* Ignore error code running ant -diagnostics.
* Build-depend on ant-optional.
* Disable the cacao build on armel, fails to build with the non
bootstrap build.
* Upload to unstable.
* New Openjdk6 b18 source code drop.
* Use mangled copy of rhino. Closes: #512970. LP: #255149.
* ARM Thumb2 updates.
* Test build using Hotspt hs14 on ix86.
* Upload to unstable.
* New Openjdk6 b18 source code drop.
* Use mangled copy of rhino. Closes: #512970. LP: #255149.
* ARM Thumb2 updates.
* Test build using Hotspt hs14 on ix86.
* Upload to unstable.
* IcedTea6 1.7 release.
* Don't try to load libjpeg7; still building with libjpeg62. Closes: #563999.
* Run the testsuite on sh4.
* Ubuntu only: Implement an execute bit checker for the Non-Exec Policy
- debian/JB-java.desktop.in: update mime handler to use new launcher.
* armel: Apply the thumb2 patches from the trunk, plus proposed patches
for the trunk.
* Build from the IcedTea6-1.7 branch.
* Don't build the plugin on sparc64.
* Enable the NPPlugin.
* Add support for SH4 (Nobuhiro Iwamatsu).
* Fix crash in the ARM assembler interpreter (Edward Nevill).
* Update IcedTea build infrastructure (20091224).
* Explicitely build-depend on x11-xkb-utils (xkbcomp is needed by
xvfb-run).
* Upload to lucid.
* Update IcedTea build infrastructure (20091218).
* Install docs into the openjdk-6-jre-headless directory instead of
openjdk-6-jre.
* Update IcedTea build infrastructure (20091215).
* Fix cacao build on armel with current optimization defaults.
* Upload to unstable.
* Security updates:
- (CVE-2009-3728) ICC_Profile file existence detection information leak
(6631533).
- (CVE-2009-3885) BMP parsing DoS with UNC ICC links (6632445).
- (CVE-2009-3881) resurrected classloaders can still have children
(6636650).
- (CVE-2009-3882) Numerous static security flaws in Swing (findbugs)
(6657026).
- (CVE-2009-3883) Mutable statics in Windows PL&F (findbugs) (6657138).
- (CVE-2009-3880) UI logging information leakage (6664512).
- (CVE-2009-3879) GraphicsConfiguration information leak (6822057).
- (CVE-2009-3884) zoneinfo file existence information leak (6824265).
- (CVE-2009-2409) deprecate MD2 in SSL cert validation (Kaminsky) (6861062).
- (CVE-2009-3873) JPEG Image Writer quantization problem (6862968).
- (CVE-2009-3875) MessageDigest.isEqual introduces timing attack
vulnerabilities (6863503).
- (CVE-2009-3876, CVE-2009-3877) OpenJDK ASN.1/DER input stream parser
denial of service (6864911).
- (CVE-2009-3869) JRE AWT setDifflCM stack overflow (6872357).
- (CVE-2009-3874) ImageI/O JPEG heap overflow (6874643.
- (CVE-2009-3871) JRE AWT setBytePixels heap overflow (6872358).
* Update IcedTea build infrastructure (20091109).
* Use hs16 on armel.
* Don't use hs16 on armel and sparc.
* New code drop (b17).
* Bump hotspot to hs16.
* Update IcedTea build infrastructure (20091031).
* Set priority of default -jre and -jdk packages to optional.
* Fix binary-all to binary-any dependencies. Closes: #550680.
* Build-depend on xulrunner-dev (>= 1.9.1.3-3).
[Matthias Klose]
* On armel and powerpc, build an additional VM using shark in the
openjdk-6-jre-zero package (java -shark <args>). Requires llvm-2.6.
* Hide the desktop menu entry for WebStart. LP: #222180.
* Don't provide java-virtual-machine anymore.
[Edward Nevill]
* Avoid stack overflows in the arm interpreter.
* Support PKCS11 cryptography via NSS, now allowing import of all
certificates from ca-certificates.
* Remove Michael Koch from uploaders, request by himself.
* Add the doc dir symlink for openjdk-6-jre-zero when the package
is built with shark support.
* Fix dependency on the java bridge packages.
* debian/rules: Conditionalize stuff so that the recent release
is never mentioned.
* Remove obsolete patches in debian/patches.
* Rebuild on armel to fix up libffi for the soft float abi.
* For jaunty builds, fix IcedTeaPlugin failure to start with xulrunner 1.9.1
(LP: #359407).
- debian/patches/icedtea-plugin-use-runtime-nsIProcess-IID.diff: Add.
- debian/rules: Apply it for jaunty builds.
* Use pulseaudio as default serviceprovider for
javax.sound.midi.MidiSystem and javax.sound.sampled.AudioSystem.
LP: #407299.
* Upload to Debian unstable.
* Update IcedTea6 to the 1.6.1 release.
* Work around GCC PR target/41327, build the JDK on s390 with -O2.
* Update IcedTea6 to the 1.6 release.
* Fix GCC build dependencies.
* Upload to unstable.
* Update IcedTea from the 1.6 release branch:
- Fix buffer overflow in debugger's socket handler (Kees Cook).
https://bugs.openjdk.java.net/show_bug.cgi?id=100103. LP: #409736.
- plugin fixes.
* Move the pulseaudio recommendation to a suggestion, don't build-depend
on pulseaudio. Closes: #539394. LP: #361408.
* Build for armv6 (on armel).
[ Kees Cook ]
* debian/rules: Re-enable fortification and stack protector
(LP: #330713).
* Adding stack markings to the x86 assembly for not using executable
stack. LP: #419018.
* Test build (icedtea6-1.6 release branch).
* Add explicit build dependency on libgtk2.0-dev.
* Bump hotspot to hs14b16.
* Update IcedTea build infrastructure (20090805).
* patches/java-access-bridge-security.patch: Update.
* Build-depend on xulrunner-dev instead of xulrunner-1.9-dev on karmic.
* Don't recommend the jck fonts anymore, just suggest them; the appropriate
fonts are installed as dependencies of the language packs.
* Build using GCC-4.4 on sparc as well, require 4.4.1.
* Fix build failure building the zero VM.
[Matthias Klose]
* Update IcedTea build infrastructure (20090715).
* Tighten build dependency on llvm-dev.
[Edward Nevill]
* Add armv4 compatibility.
[Edward Nevill]
* Added Bytecode Interpreter Generator.
* Added ARM templates for above.
* Removed old optimised ARM assebler.
* Added -g0 because of problems with ld linking -g.
* Changed alignment to 64 now that as bug is fixed.
[Matthias Klose]
* Update IcedTea build infrastructure (20090710).
* Let the -jre package depend on the access-bridge package, not the
-jre-headless package. LP: #395074.
* Suggested by Ed Nevill:
- Pass -timeout:3 when running the jtreg testsuite on zero architectures.
- Pass -Xmx256M -vmoption:-Xmx256M on armel for the jtreg testsuite run.
* Tighten build dependency on llvm-dev.
* Update zero-port-opt patch on armel.
* Update IcedTea build infrastructure (20090623).
* Reapply the zero-port-opt patch on armel.
* Do not use the IPA Mona font family by default. Closes: #521233.
* Build cacao with -fno-strict-aliasing.
* Build the zero binary package when building with shark.
* Build-depend on cpio. Closes: #532963.
* Update IcedTea build infrastructure (20090612).
* Install the libaccess-bridge-java* symlinks again.
* Build zero on ix86 architectures with JIT support (shark). To use the zero
build without shark, use the `-Xint' option to operate in interpreted-only
mode.
* Don't install libaccess-bridge-java* symlinks until
libaccess-bridge-java-jni is available on all architectures.
* Add missing build dependency on cacao-source.
* Upload to unstable, based in 6b16 and IcedTea 1.5.
* Update to hotspot hs14b15.
* Provide symlink for libjava-access-bridge-jni.so. LP: #375347.
* Update IcedTea build infrastructure (20090513).
* Fix build failure when xvfb-run doesn't work, trying to access a
non-existing directory.
* Add libffi-dev as architecture independent build dependency.
* Update to re-tagged code drop (b16).
* Update IcedTea build infrastructure (20090510).
* Remove patches integrated in IcedTea.
* Remove GCJ Web Plugin support.
* Remove build infrastructure to build additional VM's, integrated
in IcedTea.
* Stop building the openjdk-6-source-files package.
* README.Debian: Document using the different VM's.
* Use GCC-4.3 on sparc, ICE with GCC-4.4.
* Fix problem with the ARM assembler interpreter, when executing a 'new'
bytecode with a double on the top of the stack (Edward Nevill).
* Run the testsuite for the zero build on ix86 architectures.
* New code drop (b16).
* Update IcedTea build infrastructure (20090429).
* Merge changes from 6b14-1.4.1.
* Fix section names (using the java section).
* Remove all UTF-8 sequence definitions from the font configuration.
* Reenable the testsuite (revert the change in last upload).
* Apply fix for the ARM bytecode interpreter (Edward Nevill).
* Don't use some indian fonts with diverging font metrics for the
latin-1.UTF-8 encoding. LP: #289784.
* Disable running the testsuite for this build (no code changes compared
to the previous upload).
* Fix native2ascii jdk test case, which let the jdk testsuite fail.
[Matthias Klose]
* Update to the final CACAO 0.99.4 release.
* Security Vulnerability Fixes for OpenJDK:
- 6522586: Enforce limits on Font creation.
- 6536193: flaw in UTF8XmlOutput.
- 6610888: Potential use of cleared of incorrect acc in JMX Monitor.
- 6610896: JMX Monitor handles thread groups incorrectly.
- 6630639: lightweight HttpServer leaks file descriptors on no-data
connections.
- 6632886: Font.createFont can be persuaded to leak temporary files.
- 6636360: compiler/6595044/Main.java test fails with 64bit java on
solaris-sparcv9 with SIGSEGV.
- 6652463: MediaSize constructors allow to redefine the mapping of
standard MediaSizeName values.
- 6652929: Font.createFont(int,File) trusts File.getPath.
- 6656633: getNotificationInfo methods static mutable (findbugs).
- 6658158: Mutable statics in SAAJ (findbugs).
- 6658163: txw2.DatatypeWriter.BUILDIN is a mutable static (findbugs).
- 6691246: Thread context class loader can be set using JMX remote
ClientNotifForwarded.
- 6717680: LdapCtx does not close the connection if initialization fails.
- 6721651: Security problem with out-of-the-box management.
- 6737315: LDAP serialized data vulnerability.
- 6792554: Java JAR Pack200 header checks are insufficent.
- 6804996: JWS PNG Decoding Integer Overflow [V-flrhat2ln8].
- 6804997: JWS GIF Decoding Heap Corruption [V-r687oxuocp].
- 6804998: JRE GIF Decoding Heap Corruption [V-y6g5jlm8e1].
* Add security patch for the lcms library.
* Add accessibility patches java-access-bridge-security.patch and
accessible-toolkit.patch.
* Merge fixes for testsuite failures from the IcedTea6 branch.
* Merge the proxy support for the plugin from the IcedTea6 branch.
* Merge http://icedtea.classpath.org/hg/release/icedtea6-1.4.1/rev/546ef0cdee06
(TJ). LP: #344705.
* Add a Xb-Npp-Description for the IcedTea plugin. LP: #272010.
[Edward Nevill]
* Put VFP back in - selects VFP / novfp autmatically
* More assembler optimisations
* Disable the additional zero JVM on sparc.
* patches/hotspot/default/icedtea-includedb.patch: Add missing include in
openjdk/hotspot/src/share/vm/includeDB_core.
* Fix build failure of the zero VM on lpia with a fixed GCC.
* Build the Zero/Shark VM as an additional JVM (call as `java -zero').
* Fix zero-port-opt patching (build failure on armel).
* Update IcedTea to the 1.4.1 release.
* Build the Cacao VM as an additional JVM (call as `java -cacao').
* Build in separate build directory.
* Fix build failure on armel.
* Require the final cacao-0.99.4 release.
* Add /usr/lib/jni to the library path. Closes: #517338.
* Disable the additional zero JVM on sparc.
* Fix casts in hotspot on s390. Closes: #518823.
* Add special flags for javac on s390 to work around a VM problem with bad
code generation during inlining.
* Run the testsuites for the default VM on all architectures.
* Update IcedTea (20090314).
* Don't configure the additional zero JVM with --enable-shark, currently
fails to build.
* Don't build the JDK when building the additional zero JVM.
* Build the Zero/Shark VM as an additional JVM (call as `java -zero').
* Update hotspot to 14.0-b10.
* Update IcedTea (20090305).
* Build the Cacao VM as an additional JVM (call as `java -cacao').
* Build in separate build directory.
[ Edward Nevill ]
* Remove VFP from asm loop
* Disble the mauve testsuite for armel.
[Matthias Klose]
* Update IcedTea (20090302).
* Regenerate auto files.
[ Edward Nevill ]
* Added ARM assembler interpreter loop
* mauve and jtreg removed again for alpha release
[Matthias Klose]
* Update IcedTea (20090218).
* Configure with --disable-nio2 on armel as well.
* Really configure with --disable-nio2.
* Configure with --disable-nio2.
* Run mauve and jtreg testsuites on armel.
[Edward Nevill]
* Performance improvements for the zero build (currently applied
on armel only).
[Matthias Klose]
* Update IcedTea (20090210).
* Explicitely remove PulseAudioMuteControl.java.
* Test build.
* Update IcedTea build infrastructure (20090125).
* Run the jtreg testsuite for cacao builds, save all test logs.
* Fix merge error, don't apply patches twice.
* debian/rules: Call dh_desktop. LP: #309999.
* Add dependency on libjpeg62 for the -headless package. LP: #318383.
* Test some jtreg tests which fail in samevm mode in a separate VM.
* Build all with -fno-stack-protector -U_FORTIFY_SOURCE.
* Include jtr files of failed tests in the -jdk package.
* The -source package now contains all source files. Closes: #504568.
* The 6b14 build fixes the following security related issues (sun bug number,
CVE, description):
- 6588160, CVE-2008-5348: jaas krb5 client leaks OS-level UDP sockets.
- 6497740, CVE-2009-5349: Limit the size of RSA public keys.
- 6484091, CVE-2008-5350: FileSystemView leaks directory info.
- 4486841, CVE-2008-5351: UTF-8 decoder needed adhere to Unicode 3.0.1
fixes.
- 6755943, CVE-2008-5352: JAR decompression should enforce stricter header
checks.
- 6734167, CVE-2008-5353: Calendar.readObject allows elevation of
privileges.
- 6733959, CVE-2008-5354: Insufficient checks for "Main-Class" manifest
entry in JAR files
- 6751322, CVE-2008-5356: Sun Java JRE TrueType Font Parsing Heap Overflow.
- 6733336, CVE-2008-5357: Crash on malformed font.
- 6766136, CVE-2008-5358: corrupted gif image may cause crash in java
splashscreen library.
- 6726779, CVE-2008-5359: ConvolveOp on USHORT raster can cause the JVM
crash.
- 6721753, CVE-2008-5360: File.createTempFile produces guessable file names.
- 6592792: Add com.sun.xml.internal to the "package.access" property in
$JAVA_HOME/lib/security/java.security.
* Regenerate the control file.
* Upload to the OpenJDK PPA for intrepid.
* Update IcedTea build infrastructure (20090113).
* Rebuild with updated nss/nspr packages.
* Update debug patches.
* debian/patches/nonreparenting-wm.diff: If the _JAVA_AWT_WM_NONREPARENTING
environment variable is set, disable all workarounds causing blank windows
in non-reparentizing window managers (Bernhard R. Link). Closes: #508650.
* Fix location of plugin for Debian. Closes: #505726.
* Let the -jdk package provide java-compiler. Closes: #507641.
* Use a default jvm.cfg not only for java, but for all jdk tools.
LP: #288616.
* Update IcedTea build infrastructure (20081223).
* Update IcedTea build infrastructure (20081217).
* Add support for PARISC.
* Use a default jvm.cfg if the jvm.cfg doesn't yet exist after unpacking
the runtime package. LP: #288616.
* Install hotspot tarball in -source-files package.
* Fix build failure on sparc.
* New code drop (b14).
* Update IcedTea build infrastructure (20081204).
* Update IcedTea build infrastructure (20081203).
- Fix build failures on zero based architectures.
* Add build dependency on libxrender-dev.
* Don't use fastjar on ia64, working around a build failure.
* Update IcedTea build infrastructure (20081202).
- Add Dec 3 OpenJDK security patches
* Build with --with-hotspot-build, update patches for this config.
* Update IcedTea build infrastructure (20081122).
- Fixes for the IcedTeaPlugin. LP: #300254.
* Fix versioned conflict on icedtea-gcjwebplugin. LP: #284299.
* Update IcedTea build infrastructure (20081121).
- Fixes for the IcedTeaPlugin.
* Configure with pulseaudio in jaunty.
* Update IcedTea build infrastructure (20081117).
* Use openjdk-6 as stage1 compiler on armel for a faster build.
* New code drop (b13).
- In the langtools area, besides a few miscellaneous bug fixes (6760834,
6725036, 6657499), all the langtools regression tests now pass out of
the box (6728697, 6707027) and if using the most recent version of
jtreg, the langtools regression tests can be run in the much faster
"same vm" mode of jtreg, enabled with the -s option (6749967, 6748541,
6748546, 6748601, 6759775, 6759795, 6759796, 6759996, 6760805, 6760930).
- Gervill update, including applying a patch from IcedTea (6758986,
6748247, 6748251).
- Publishing a few dozen additional existing regression tests as open
source (6601457, 6759433, 6740185).
- JMX and monitoring fixes (6651382, 6616825, 6756202, 6754672).
- Man page updates (6757036, 6392810, 6504867, 6326773).
- Assorted other fixes (6746055, 6621697, 6756569, 6356642, 6761678).
* Update IcedTea build infrastructure (20081111).
- Fix freeze in midi app, LP: #275672.
- Fixes in the IcedTeaPlugin: LP: #282570, LP: #282570, LP: #285729,
LP: #291377, LP: #37330, LP: #239533.
- Fix vertical text metrics with freetype scaler. LP: #289784.
* Build-depend on ecj-gcj instead of ecj on architectures using
gij/gcj as the bootstrap system.
* Fixed in 6b12: Stack overflow running Kea. LP: #244731.
* Update IcedTea build infrastructure (20081025).
* Make the dependency on ca-certificates-java unversioned.
* Merge from IcedTea:
- plugin/icedtea/netscape/javascript/JSObject.java: Make
long constructor public.
* Update IcedTea build infrastructure (20081024).
- Add --pkgversion=<package version> configure option.
- IcedTeaPlugin fixes.
- Fix xjc regressions.
* openjdk-jre-headless: Depend on ca-certificates-java.
* Configure with --pkgversion=<package version> to encode the package
version in the -version output and in vm dumps.
* cacao: Handle VM options Xverify:all and Xverify:none.
* Upload to experimental.
* Pretend the availability of at least 384MB RAM; better swap on the
buildds than failing the build.
* Update IcedTea build infrastructure (20081019).
- plugin fix (Make applet size factors doubles instead of ints).
* Don't fail the build when the jtreg summary is missing.
* openjdk-6-source-files: Fix priority and section of the binary package.
* Fix section of the plugin package.
* Update IcedTea build infrastructure (20081018).
- Fix LiveConnect issues in the web plugin. LP: #282762.
- Fail the build, if patches don't apply.
* Show xvfb and xauth failures in the build log, when running the testsuites.
* Kill processes which still hang after running the testsuite. Closes: #493339.
* Run the testsuite in parallel, reducing build time.
* openjdk-headless: Depend instead of recommending tzdata-java.
* icedtea6-plugin: Versioned conflict with icedtea-gcjwebplugin. LP: #184299.
* Don't configure --with-alt-jar=/usr/bin/fastjar on hotspot archs
and cacao builds. Working around a problem generating rt.jar. Manually
add the netscape/javascript files in zero builds.
* Update IcedTea build infrastructure (20081017).
- configury updates.
- IcedTeaPlugin update.
* openjdk-6-jdk: Suggest visualvm.
* Remove cacao patches found in cacao 0.99.4~20081012.
* Update IcedTea to the 1.3.0 release.
* Apply upstream patch to fix upstream issue 6758986.
* Upload to experimental.
* Update IcedTea build infrastructure (20081015).
* Add netscape/javascript class files to rt.jar. LP: #282762.
* Be more verbose in the icedtea6-plugin package description.
* Fix some lintian warnings.
* Update IcedTea build infrastructure (20081012).
* When building as cacao, build a cacao-oj6-plugin package.
* When building as cacao, run the testsuite on amd64, i386, sparc.
* Add finnish translations to the desktop files (Timo Jyrinki).
Closes: #494354.
* Fix font paths (Rob Gom). Closes: #495988.
* Reenable running the testsuite.
* Fix pulse-java build failure on amd64.
* Update IcedTea build infrastructure (20081011).
* debian/copyright: Add copyright notice for pulseaudio sound files.
* Add support to build with pulseaudio support.
* Move the plugin from the -jre package into the -plugin package.
* Update IcedTea build infrastructure (20081009).
* Configure with --enable-liveconnect, build an icedtea6-plugin package.
Thanks to Deepak Bhole.
LP: #207064, #195783, #199680, #202762, #220241, #242263, #242496,
#242496, #250292, #269885, #274356, #274360, #259313.
* Build an icedtea6-plugin package.
* Merge changes from 6b11-9 packaging.
* Build a openjdk-6-source-files packages (used as a build dependency
of cacao-oj6).
* Build depend on cacao-source for cacao-oj6 builds.
* Update IcedTea build infrastructure (20080915).
* Reapply: openjdk-6-jre-headless: Make libnss-mdns a suggestion
instead of a recommendation. LP: #261847.
* Build-depend against fixed fastjar. LP: #267177.
* Update the icedtea-hotspot patch to b12, fixing build failures
on zero archs (ia64, powerpc).
* New code drop (b12).
* Update IcedTea build infrastructure (20080912).
* Set minimum heap size independent of available memory for cacao builds.
* Link the wrapper tools with -rdynamic for cacao builds.
* Update cacao based builds:
- Update cacao to 0.99.3, remove patches applied upstream.
- Fix build failures on mipsel-linux.
* Allow setting of the bootstrap compiler per architecture.
* Configure --with-alt-jar set to fastjar to speed up builds.
* Update IcedTea build infrastructure (20080815), remove local patches
integrated in IcedTea.
- Make use of unsigned/signed types explicit.
- Fix PR icedtea/184, adding support for returning floats and doubles
for zero builds.
- Fix Fix PR icedtea/181, class type checks.
* debian/rules (stamps/mauve-build): Configure with --host and --build.
* openjdk-6-jdk: Recommend libxt-dev (jawt_md.h header includes).
* Fix build issues on s390 (size_t is unsigned long).
* Update IcedTea build infrastructure (20080801).
- Fix typo, causing build failure on mipsel.
* Include the name of the VM used in the package description.
* Update IcedTea build infrastructure (20080731).
* Build for alpha, arm, mips and mipsel.
* Switch from libcupsys2(-dev) to libcups2(-dev) for newer releases.
(Closes: #492384)
* Add symlinks for header files found in JAVA_HOME/include/linux in
JAVA_HOME/include.
* openjdk-6-jre: Don' recommend lesstif2 anymore.
* xvfb seems to be broken when running with intrepid and an intrepid kernel.
Nevertheless, run xvfb-run -s "-extension GLX" on the buildds (hardy kernels).
* Stop the buildwatch process after the testsuite finishes.
* Update IcedTea build infrastructure (20080724).
* debian/buildwatch.sh: Track long building files with no visible output.
* Fix build failure when not running the mauve testsuite.
* Disable running the testsuite for cacao builds (leaving processes around).
* Don't set a soversion for the cacao libjvm.
* Configure with --host and --build.
* Call xvfb-run with -s "-extension GLX".
* Update IcedTea build infrastructure (20080724).
* debian/buildwatch.sh: Track long building files with no visible output.
* Fix build failure when not running the mauve testsuite.
* Disable running the testsuite for cacao builds (leaving processes around).
* Don't set a soversion for the cacao libjvm.
* Configure with --host and --build.
* Regenerate the control file.
* New code drop (b11).
* Update IcedTea build infrastructure (20080721).
* debian/generate-dfsg.sh: Update for b11.
* debian/patches/const_strings.patch, debian/patches/issue-6659207.diff:
Remove, applied upstream.
* debian/generate-debian-orig.sh: Fix /proc check.
* debian/control.in: Loosen dependency of -jre-lib on -jre.
* Support `nodocs' in DEB_BUILD_OPTIONS.
* Remove build-dependency on lesstif2-dev.
* Bootstrap using gcj on all archs; the 6b10dfsg-2 packages are broken.
* Run the jtreg harness in a virtual X environment.
* Install javazic.jar in the jre-lib package.
* Don't run the testsuite on arm; the build already takes days; only
run the testsuite on hotspot archs and powerpc.
* Update IcedTea build infrastructure (20080714).
* On arm configure cacao builds with --enable-softfloat.
* Don't run the mauve testsuite for cacao builds (hangs the test runner
process).
* Don't configure cacao builds with --enable/-disable-zero.
* Don't remove alternatives on upgrade.
* debian/copyright: Add license for NanoXML.
* Do recommends ttf-indic-fonts instead of ttf-indic-fonts-core for
lenny and sid. Closes: #490619.
* Ignore errors when registering the jar binfmt. The alternative may
already be registered by another JVM. Closes: #490594.
* openjdk-6-jre-headless: Depend on ttf-dejavu-core instead of ttf-dejavu.
* On amd64, i386 and sparc, bootstrap using openjdk.
* Update IcedTea build infrastructure (20080702).
- Do not configure --with-shark by default.
- Update license headers from jdk7.
* Start debian/buildwatch.sh for armel and sparc builds as well.
* Allow configuration with --with-cacao.
* The rebuilt upstream tarball now has GPL-compatible free software licenses
and documented copyrights and licenses. LP: #238569.
* Fixed name of the xulrunner-1.9-javaplugin.so in the .jinfo file.
LP: #226911.
* Ignore errors during activation of class data sharing. Closes: #490617,
#490672.
* Rebuild the upstream tar ball:
- Remove the jscheme jar files.
- Apply the patch from Iris Clark (Sun) for the copyright headers
(http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=141#c4).
- Remove jdk/src/share/classes/java/lang/instrument/package.html.
- Upload to main.
* Update IcedTea build infrastructure (20080628).
* Build an openjdk-6-dbg package.
* patches/gcc-mtune-generic.diff: Fix typo.
* openjdk-6-jre: Depend on ttf-dejavu.
* debian/copyright: Add two more copyright holders, not directly
mentioned in the third party readme.
Replace Apache 2.0 license with pointer to common-licenses.
* Fix more lintian warnings.
* debian/sun_java_app.xpm: Downsize icon to 32x32 pixels.
* Build-depend/depend on rhino.
* New code drop (b10).
- Still some non-compliant license headers found in
openjdk/corba/src/share/classes/com/sun/tools/corba/se/idl.
- Upload to non-free.
* Update IcedTea build infrastructure (20080603).
* In fontconfig.properties, fix Korean font names and add paths to the Luxi
fonts for Motif. Add fonts for Indic languages.
* Install compilefontconfig.jar in openjdk-6-jre-lib package.
* Run the testsuites of hotspot, langtools and jdk.
* Include the jscheme-5.0 sources in the tarball, mention the jscheme
licenses in debian/copyright.
* Use the certificates provided by the ca-certificates-java package.
* More fontconfig updates (Arne Goetje).
* Fix some lintian warnings.
* Correct build-dependency for openjdk based bootstraps.
[ Matthias Klose ]
* New code drop (b09).
* Update IcedTea build infrastructure (20080528).
- Add missing color profiles. LP: #225174.
- Moved system properties defined in hotspot to TrustManagerFactoryImpl.
LP: #224455.
* 6636469_v4.diff: Remove, committed in IcedTea.
* debian/control: Update Vcs-* attributes.
* debian/JB-jre-headless.p*.in: Fix update-binfmts calls.
* Compress the man pages, fixing the slave symlinks of the alternatives.
* javaws.desktop: Add `%u' to the Exec key, remove -viewer option.
* openjdk-6-jre-headless: Recommends libnss-mdns.
* openjdk-6-jre-headless: Warn about unmounted /proc file system.
* debian/JB-jre.mime.in: Remove the -viewer option from command (Tan Rui
Boon).
* Add a `docs' symlink pointing to /usr/share/doc/openjdk-6. LP: #218405.
* Set maintainer to the team list.
* Add copyright notices for patches and generated files.
* Add helper scripts to modify upstream tarball and generate the debian
tarball.
* Fix names for browser alternatives in jinfo file, set browser_plugin_dirs
unconditionally.
* Recommend the ttf-wqy-zenhei font instead of ttf-arphic-uming, if the
latter is available in Truetype Collection (TTC) format only, add the
fontconfig changes as a patch.
* Make the cjk font packages configurable in the control file.
* Use GCC-4.3 on all platforms where available.
* Install a config file swing.properties, allowing a user to change
the default look and feel. LP: #229112.
* When trying to determine the executable name reading /proc/self/exe,
discard known prefixes used for unionfs mounts. LP: #224110.
* Explicitely configure with --disable-zero on hotspot architectures.
* Add fix for issue 6659207, access violation in CompilerThread0.
Addresses #478560. Needs checking: LP: #229207.
* Disable building the docs on ia64, powerpc and sparc, we don't build
architecture independent packages on these architectures.
* Explicitely configure --with-parallel-jobs, needed by the updated IcedTea.
* Backport the linux-sparc patches, enable building on sparc. LP: #154080.
* Don't use an absolute path calling the compiler.
* Replace the OpenJDK version in desktop and menu files.
* Install menu files.
* Install openjdk-6-java.desktop in -jre, instead of -jre-headless.
[ Torsten Werner ]
* first upload to Debian (Closes: #452750)
* Regenerate debian/control.
* Switch to bzip2 package compression in Debian but leave lzma compression
in Ubuntu.
* Temporarily downgrade Depends: tzdata-java to Recommends until the package
becomes available in Debian.
* Add myself to Uploaders.
* Do not install extras license file in openjdk-6-jre-lib.
* Add patch shebang.diff to fix a lintian warning.
* Install openjdk-6-java.desktop into the correct binary package.
* Improve some package descriptions.
* Remove some empty directories from binary packages.
* Install README.Debian in every binary package and give it some useful
content.
* Install java-rmi.cgi in package openjdk-6-jre-headless and mention it in
README.Debian.
* Install /usr/bin/jexec via update-alternatives.
* Downgrade Depends: java-common (>= 0.28).
* Add patch jexec.diff to make the jexec binary executable without
specifying an absolute path.
* Add Build-Depends: xauth and xfonts-base for mauve.
* Update and install the lintian override files.
* Replace all occurences of binary:Version and source:Version by
Source-Version to be compatible with Ubuntu release 6.06.
* Remove Conflicts: gcjwebplugin.
[ Michael Koch ]
* Fixed Vcs-Bzr and Vcs-Browser fields.
* Removed Encoding entry from all debian/*.desktop.in files.
[ Matthias Klose ]
* Make Java Full Screen Exclusive Mode work again with Xorg Server 1.3
and above (Dan Munckton). LP: #154613 (Java bug 6636469).
* Configure with --enable-zero on all archs except amd64, i386, lpia.
* Update IcedTea build infrastructure.
* Handle binary files in updates of the build infrastructure.
* Enable bootstrap/normal builds per architecture.
* javaws-wrapper.sh: Use readlink --canonicalize. LP: #211515.
* binfmt-support: Handle /usr/share/binfmts/jar as a slave symlink of
the jexec alternative, install the binfmt file in the jre libdir.
Use the jexec alternative in the binfmt file.
* JB-jre-headless.postinst.in: Remove sun-java6 specific chunks.
* Differentiate between the openjdk version required as dependency and
as build dependency.
* New code drop (b08).
* Update IcedTea build infrastructure.
* Move binfmt-support references from -jre to -jre-headless package.
* Don't fail on purge, if /var/lib/binfmts/openjdk-6 is missing. LP: #206721.
* Only use the basename for icons in desktop files. LP: #207413.
* Install javaws(1). LP: #191297.
* Install a wrapper script for javaws, which calls `javaws -viewer' if no
arguments are given (or else starting javaws from the desktop menu
would not do anything).
* debian/JB-web-start.applications.in: Remove the -viewer option from command.
* New code drop (b07).
* Update IcedTea build infrastructure.
* debian/copyright: Update to OpenJDK Trademark Notice v1.1.
* Update icon locations in menu files.
* openjdk-6-jre-headless: Provide java-virtual-machine. LP: #189953.
* openjdk-6-jre-headless: Add a conflict to gcjwebplugin; for openjdk
use the icetea-gcjwebplugin, for gij the java-gcj-compat-plugin.
* Update IcedTea to 20080319.
* Move rt.jar into the openjdk-6-jre-headless package; sun/awt/X11
class files differ between amd64 and i386.
* Install all desktop files in /usr/share/applications.
* Remove print-lsb-release.patch, forwarded to IcedTea.
* Fix IcedTea configure to detect libffi without pkg-config.
* Build-depend on libffi4-dev on architectures other than amd64, i386, lpia.
* Install icons in /usr/share/pixmaps, not /usr/share/icons.
* debian/rules: Call dh_icons.
* Tighten dependency on java-common.
* debian/copyright: Include trademark notice.
* debian/control: Mention IcedTea in the package descriptions.
* Update IcedTea to 20080311.
* Build-depend on unzip.
* Build-depend on zip.
* debian/mauve_tests: javax.swing.text.html.HTML.ElementTagAttributeTest,
removed, tries to access the network.
* debian/README.alternatives.in: Update for --jre-headless.
* debian/rules: Fix paths for OpenJDK based bootstrap.
* Compress packages using lzma.
* Drop build dependency on zip, unzip.
* Fix build infrastructure to bootstrap with OpenJDK instead of ecj.
* Do not build the gcjwebplugin from the OpenJDK source.
* Don't register a java-rmi.cgi alternative in /usr/bin.
* Split out a openjdk-6-jre-headless package, depend on java-common,
supporting update-java-alternatives --jre-headless.
* Make openjdk-6-jre-headless and openjdk-6-jre architecture any.
* New package openjdk-6-jre-lib (arch all).
* Remove openjdk-6-bin package.
* debian/patches/openjdk-ubuntu-branding.patch: New patch.
* Install images/cursors/cursors.properties as a config file.
* Do not compress demos and examples in the -demo package.
* openjdk-6-jre: Add dependency on libxinerama1.
* Update IcedTea to 20080305.
* Don't generate cacerts ourself, but depend on ca-certificates,
fix location of javax.net.ssl.trustStore property.
* Build-depend on mauve and xvfb; run some mauve tests (the list of
tests taken from the Fedora package).
* Keep a backup of the `generated' directory; some files are regenerated
differently, increasing the size of the diff.
* Re-add gawk and pkg-config as build dependencies.
* New code drop (b06).
* Remove java-access-bridge tarball, use an externally built package.
* Update IcedTea to 20080304.
* Don't use any compiler flags from the environment.
* First public OpenJDK upstream code drop (b05).
* Depend on tzdata-java.
* Fix removal of alternatives.
* Fix installation of the plugin for firefox-3.0.
* Update IcedTea to 20080118.
* Fix another build failure when gcc version != gcj version.
* Use the versioned compiler to build the corba parts.
* Register plugin for firefox-3.0.
* Build using GCC-4.3.
* First upload to Debian. Closes: #452750.
* debian/control.in:
- Moved package from universe/devel section to devel.
- Put icedtea-java7-doc into doc section.
- Added Homepage field and removed Homepage pseudo field from
descriptions.
- Updated Standards-Version to 3.7.3.
* debian/rules:
- Check if Makefile exists before called clean in clean target.
* debian/copyright: Converted to UTF-8.
* Update to IcedTea-1.5.
* debian/patches/ssp-interpreter.diff: Use bash to call the ssp script,
backslash handling differs betweend dash and bash.
* New upstream snapshot (b24).
* Update java-access-bridge to 1.21.1.
* On powerpc keep the build alive using buildwatch script.
* Do not install menu entries for javaws, ControlPanel. LP: #155553, #156673.
* README.alternatives: Fix example. LP: #157063.
* Allow libungif4-dev as alternative build dependency.
* On powerpc keep the build alive using buildwatch script.
* Always build the plugin using libxul-dev.
* Lower optimization to -O2 for building the jdk on amd64.
* Reenable parallel build.
* Link using -Bsymbolic-functions.
* debian/patches/arguments.patch, debian/patches/const_strings.patch:
New patches (Arnaud Vandyck).
* Bootstrap using ecj/gcj.
* Build using g++-4.1 on i386, lpia, powerpc.
* New upstream snapshot (b23).
* Revert the previous change, require 7~b22 versions again.
* Loosen dependencies to 7~b21, until package is built on all archs.
* New upstream snapshot (b22).
* Don't use parallel builds to make the build log better comparable.
* Update icedtea to vcs 20071012 (1.4 release), checked that the plugin
works on amd64.
* debian/copyright: Update "License Headers" section.
* Bootstrapping trigger upload for final step of bootstrapping i386, amd64,
lpia.
* Add build dependency on bzip2.
* Add build dependency on ant.
* Update icedtea to vcs 20071007.
* Update java-access-bridge to 1.20.0.
* Add build-dependency on libxinerama-dev.
* Add Xb-Npp-xxx tags for the -plugin package.
* Name the plugin "GCJ Web Browser Plugin (using IcedTea)", GCJ now
"Great Cool Java" (according to Michael Koch).
* Compress binary-indep packages using bzip2.
* Rebuild using icedtea 7~b21.
* New upstream snapshot (b21).
* Correctly unregister the executable binary format in the -bin package.
* Assemble the debian/copyright file.
* New upstream snapshot (b19).
* Build using g++-4.2 on amd64, using g++-4.1 on i386 and lpia.
* Build without -Werror, upstream source is not yet warning clean.
* Support DEB_BUILD_OPTIONS=parallel=<n>.
* Add build dependency on wget.
* Add font suggestions.
* Changed font configuration to fix CJK font support (Arne Goetje).
* Fix location of the plugin, when registering the plugin alternatives.
* Create browser plugin directories.
* Build-depend on liblcms1-dev.
* Recommend packages with dlopened libraries: liblcms1, lesstif2, libcupsys2,
libgtk2.0-0, libgnome2-0, libgnomevfs2-0, libgconf2-4, libxrandr2,
libgl1-mesa-glx.
* New upstream version.
* Include java-access-bridge.
* Build -doc, -plugin packages.
* Register alternatives, priority 1060.
* Initial release, discard the initial packaging based on cdbs.
* Base the packaging on the sun-javaX packages.
* Update upstream tarball to 7~b16, update icedtea to 20070724.
* debian/control: Build-depend on libfreetype6-dev.
* debian/rules: Configure --with-jar=/usr/bin/fastjar.
* Build using gcj-4.2.
* Initial version.