openjdk-8 (8u372-ga~us1-0ubuntu1~18.04) bionic-security; urgency=medium * Upload to Ubuntu 18.04. -- Vladimir Petko Sat, 06 May 2023 09:49:22 +0200 openjdk-8 (8u372-ga~us1-0ubuntu1) mantic; urgency=medium * OpenJDK 8u372 release, build 7. - CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968. - Release notes: https://mail.openjdk.org/pipermail/jdk8u-dev/2023-April/017039.html * d/rules: remove IcedTeaPlugin.so reference (LP: #2016396). -- Vladimir Petko Fri, 28 Apr 2023 15:44:40 +0200 openjdk-8 (8u362-ga-0ubuntu2) lunar; urgency=medium * debian/JB-jre-headless.postinst.in: trigger ca-certificates-java after jre is set up. -- Vladimir Petko Wed, 01 Mar 2023 17:18:57 +1300 openjdk-8 (8u362-ga-0ubuntu1) lunar; urgency=medium * New upstream release * CVEs - CVE-2023-21830 - CVE-2023-21843 * Security fixes - JDK-8285021: Improve CORBA communication - JDK-8286496: Improve Thread labels - JDK-8288516: Enhance font creation - JDK-8289350: Better media supports - JDK-8293554: Enhanced DH Key Exchanges - JDK-8293598: Enhance InetAddress address handling - JDK-8293717: Objective view of ObjectView - JDK-8293734: Improve BMP image handling - JDK-8293742: Better Banking of Sounds - JDK-8295687: Better BMP bounds * Other changes see https://mail.openjdk.org/pipermail/jdk8u-dev/2023-January/016479.html -- Vladimir Petko Fri, 20 Jan 2023 09:19:08 +1300 openjdk-8 (8u352-ga-1) unstable; urgency=medium * Update GCC for bookworm/sid and kinetic-proposed from 11 to 12 to match default system compiler (this needs testing as people report early issues in other distros) * New upstream release * Security fixes: - JDK-8282252: Improve BigInteger/Decimal validation - JDK-8285662: Better permission resolution - JDK-8286511: Improve macro allocation - JDK-8286519: Better memory handling - JDK-8286526, CVE-2022-21619: Improve NTLM support - JDK-8286533, CVE-2022-21626: Key X509 usages - JDK-8286910, CVE-2022-21624: Improve JNDI lookups - JDK-8286918, CVE-2022-21628: Better HttpServer service - JDK-8288508: Enhance ECDSA usage * Other changes see https://mail.openjdk.org/pipermail/jdk8u-dev/2022-October/015706.html * Drop applied patches * Upload sponsored by ⮡ tarent -- Thorsten Glaser Thu, 20 Oct 2022 18:11:04 +0200 openjdk-8 (8u342-b07-1) unstable; urgency=medium * New upstream release * Security fixes: - JDK-8272243: Improve DER parsing - JDK-8272249: Better properties of loaded Properties - JDK-8277608: Address IP Addressing - JDK-8281859, CVE-2022-21540: Improve class compilation - JDK-8281866, CVE-2022-21541: Enhance MethodHandle invocations - JDK-8283190: Improve MIDI processing - JDK-8284370: Improve zlib usage - JDK-8285407, CVE-2022-34169: Improve Xalan supports * Other changes see https://mail.openjdk.org/pipermail/jdk8u-dev/2022-July/015254.html * Add patch to undo user.dir change prohibition; this breaks legacy software like Gradle * Upload sponsored by ⮡ tarent -- Thorsten Glaser Sat, 23 Jul 2022 01:34:54 +0200 openjdk-8 (8u342~b06-1) unstable; urgency=low * Upload 8u342-b06 for pre-release testing (b05 for hotspot-aarch32 but the only difference is elsewhere) -- Thorsten Glaser Tue, 12 Jul 2022 23:13:34 +0200 openjdk-8 (8u332-ga-1) unstable; urgency=medium * Upload to unstable: final tested release * Otherwise, see below for diff from 8u312/8u322 * Upload sponsored by ⮡ tarent -- Thorsten Glaser Sun, 24 Apr 2022 20:43:30 +0200 openjdk-8 (8u332~b09-2) experimental; urgency=low * Upload to experimental, with arm64 but see below * Security fixes: - JDK-8269938: Enhance XML processing passes redux - JDK-8270504, CVE-2022-21426: Better XPath expression handling - JDK-8272255: Completely handle MIDI files - JDK-8272261: Improve JFR recording file processing - JDK-8272594: Better record of recordings - JDK-8274221: More definite BER encodings - JDK-8275151, CVE-2022-21443: Improved Object Identification - JDK-8277227: Better identification of OIDs - JDK-8277672, CVE-2022-21434: Better invocation handler handling - JDK-8278008, CVE-2022-21476: Improve Santuario processing - JDK-8278356: Improve file creation - JDK-8278449: Improve keychain support - JDK-8278805: Enhance BMP image loading - JDK-8278972, CVE-2022-21496: Improve URL supports - JDK-8281388: Change wrapping of EncryptedPrivateKeyInfo * Other changes: see https://mail.openjdk.java.net/pipermail/jdk8u-dev/2022-April/014839.html * Use stock jdk8u on arm64 instead of aarch64-shenandoah hotspot+GC * Upload sponsored by ⮡ tarent -- Thorsten Glaser Sun, 24 Apr 2022 01:47:18 +0200 openjdk-8 (8u332~b09-1) experimental; urgency=low * Upload to experimental * New upstream release but without arm64 as it’s not yet ported * Upload sponsored by ⮡ tarent -- Thorsten Glaser Thu, 21 Apr 2022 23:01:54 +0000 openjdk-8 (8u322-ga-1) unstable; urgency=low * Synchronise versions of G++ used with current distro defaults * Switch to github-based download workflow * Refresh patches, d/copyright, packaging * New upstream release * Security fixes: - JDK-8264934, CVE-2022-21248: Enhance cross VM serialization - JDK-8268488: More valuable DerValues - JDK-8268494: Better inlining of inlined interfaces - JDK-8268512: More content for ContentInfo - JDK-8268795: Enhance digests of Jar files - JDK-8268801: Improve PKCS attribute handling - JDK-8268813, CVE-2022-21283: Better String matching - JDK-8269151: Better construction of EncryptedPrivateKeyInfo - JDK-8269944: Better HTTP transport redux - JDK-8270392, CVE-2022-21293: Improve String constructions - JDK-8270416, CVE-2022-21294: Enhance construction of Identity maps - JDK-8270492, CVE-2022-21282: Better resolution of URIs - JDK-8270498, CVE-2022-21296: Improve SAX Parser configuration management - JDK-8270646, CVE-2022-21299: Improved scanning of XML entities - JDK-8271962: Better TrueType font loading - JDK-8271968: Better canonical naming - JDK-8271987: Manifest improved manifest entries - JDK-8272014, CVE-2022-21305: Better array indexing - JDK-8272026, CVE-2022-21340: Verify Jar Verification - JDK-8272236, CVE-2022-21341: Improve serial forms for transport - JDK-8272272: Enhance jcmd communication - JDK-8272462: Enhance image handling - JDK-8273290: Enhance sound handling - JDK-8273748, CVE-2022-21349: Improve Solaris font rendering - JDK-8273756, CVE-2022-21360: Enhance BMP image support - JDK-8273838, CVE-2022-21365: Enhanced BMP processing * Other changes: see https://mail.openjdk.java.net/pipermail/jdk8u-dev/2022-January/014522.html * Upload sponsored by ⮡ tarent in preparation for a quick 8u332 once available -- Thorsten Glaser Thu, 21 Apr 2022 23:06:27 +0200 openjdk-8 (8u312-b07-1) unstable; urgency=medium * New upstream release (GA) * Security fixes: - JDK-8130183, CVE-2021-35588: InnerClasses: VM permits wrong Throw ClassFormatError if InnerClasses attribute's inner_class_info_index is 0 - JDK-8161016: Strange behavior of URLConnection with proxy - JDK-8163326, CVE-2021-35550: Update the default enabled cipher suites preference - JDK-8254967, CVE-2021-35565: com.sun.net.HttpsServer spins on TLS session close - JDK-8263314: Enhance XML Dsig modes - JDK-8265167, CVE-2021-35556: Richer Text Editors - JDK-8265574: Improve handling of sheets - JDK-8265580, CVE-2021-35559: Enhanced style for RTF kit - JDK-8265776: Improve Stream handling for SSL - JDK-8266097, CVE-2021-35561: Better hashing support - JDK-8266103: Better specified spec values - JDK-8266109: More Resilient Classloading - JDK-8266115: More Manifest Jar Loading - JDK-8266137, CVE-2021-35564: Improve Keystore integrity - JDK-8266689, CVE-2021-35567: More Constrained Delegation - JDK-8267086: ArrayIndexOutOfBoundsException in java.security.KeyFactory.generatePublic - JDK-8267712: Better LDAP reference processing - JDK-8267729, CVE-2021-35578: Improve TLS client handshaking - JDK-8267735, CVE-2021-35586: Better BMP support - JDK-8268193: Improve requests of certificates - JDK-8268199: Correct certificate requests - JDK-8268506: More Manifest Digests - JDK-8269618, CVE-2021-35603: Better session identification - JDK-8269624: Enhance method selection support - JDK-8270398: Enhance canonicalization - JDK-8270404: Better canonicalization * Other changes: see https://mail.openjdk.java.net/pipermail/jdk8u-dev/2021-October/014373.html * Policy 4.6.1, no relevant changes * d/copyright: Apply changes since 8u302 * Upload sponsored by ⮡ tarent -- Thorsten Glaser Fri, 05 Nov 2021 23:57:58 +0000 openjdk-8 (8u302-b08-1) unstable; urgency=medium * New upstream release (GA) * Security fixes: - JDK-8256157: Improve bytecode assembly - JDK-8256491: Better HTTP transport - JDK-8258432, CVE-2021-2341: Improve file transfers - JDK-8260453: Improve Font Bounding - JDK-8260960: Signs of jarsigner signing - JDK-8260967, CVE-2021-2369: Better jar file validation - JDK-8262380: Enhance XML processing passes - JDK-8262403: Enhanced data transfer - JDK-8262410: Enhanced rules for zones - JDK-8262477: Enhance String Conclusions - JDK-8262967: Improve Zip file support - JDK-8264066, CVE-2021-2388: Enhance compiler validation - JDK-8264079: Improve abstractions - JDK-8264460: Improve NTLM support * Other changes: see https://mail.openjdk.java.net/pipermail/jdk8u-dev/2021-July/014118.html * Add or update d/copyright lines, based on diffing upstream changes * Refresh all patches that are actually used and drop no longer needed d/p/compare-pointer-with-literal.patch * Fix spelling in d/rules * Upload sponsored by ⮡ tarent -- Thorsten Glaser Thu, 29 Jul 2021 20:45:23 +0200 openjdk-8 (8u292-b10-3) unstable; urgency=medium * Re-upload with actually regenerated debian/control, oops -- Thorsten Glaser Thu, 24 Jun 2021 00:05:48 +0200 openjdk-8 (8u292-b10-2) unstable; urgency=low * Fix regression in /etc/java-8-openjdk/accessibility.properties * Drop Suggests nōnexistent icedtea-8-plugin * Fix binfmts error with patch from bug (Closes: #822348) * Create /usr/share/man/man1 if it doesn’t exist, for crippled container images (Closes: #863199) * Provide java-runtime{,-headless} (Closes: #906111) * Mark openjdk-8-doc as M-A:foreign * Update “It was downloaded from” in d/copyright (cf. #970517) -- Thorsten Glaser Tue, 15 Jun 2021 22:23:01 +0200 openjdk-8 (8u292-b10-1) unstable; urgency=medium * Source-only upload after the previous bootstrap binary one * Change -Xmx1024m to -Xmx1000m in icedtea-sound compilation to work with mipsel’s memory layout (and sh4) * Don’t set old-style ALT_ environment variables, they are ignored * Create the origtgz in a hopefully reproducible way * Merge openjdk-8 (8u292-b10-0+deb9u1) - Revert bogus reversion of changes from previous uploads - Add missing changelog entry for 8u275 - Revert *buntu ESM-related changes - Undo an inconsistency in fetch-orig * Fix whitespace * Upgrade aarch32 to 8u292 GA * Build with reproducible LC_ALL=C setting * Obtain origtgz from https or, when not possible (icedtea-sound), check SHA256 against one I manually downloaded and checked, using the (expired…) key from pyconfigure’s signing keyring, which, unlike the keyserver network, contains the key used * Abort fetching origtgz if it fails, don’t soldier on to fail later * Document reasons some tests fail (more building on older releases) * Update lintian overrides (for sid) -- Thorsten Glaser Mon, 26 Apr 2021 17:00:54 +0200 openjdk-8 (8u292-b10-0+deb9u1) stretch-security; urgency=medium * Merge with Ubuntu. * Update to 8u292-b10 (GA). -- Emilio Pozuelo Monfort Wed, 21 Apr 2021 13:13:15 +0200 openjdk-8 (8u292-b10-0ubuntu1) hirsute; urgency=medium * Update to 8u292-b10 (GA). * Security fixes - JDK-8227467: Better class method invocations - JDK-8244473: Contextualize registration for JNDI - JDK-8244543: Enhanced handling of abstract classes - JDK-8249906, CVE-2021-2163: Enhance opening JARs - JDK-8250568, CVE-2021-2161: Less ambiguous processing - JDK-8253799: Make lists of normal filenames * Other changes: See https://mail.openjdk.java.net/pipermail/jdk8u-dev/2021-April/013680.html -- Matthias Klose Wed, 21 Apr 2021 12:25:15 +0200 openjdk-8 (8u282-b08-2) unstable; urgency=medium * Reupload to sid, under new maintainership (Debian Java team); cf. https://lists.debian.org/debian-java/2021/03/msg00021.html (and surrounding thread); sponsored by ⮡ tarent * Readd improvements from 8u275-b01-1, lost changelog entries * Add NEWS to openjdk-8-jre-headless (because all other depend on that) regarding OpenJDK 8 not being supported * Use GCC 10 to build on bullseye, sid, groovy and hirsute (that means GCC 9 on focal only) (Closes: #978519) * Silence postinst warning about removed -XX:PermSize option * Switch to mktemp(1) * Drop unused patches (keep a couple which just need updating) * Update README.source a little * G/C long-dead code from postinst, too * If the testsuite is disabled during generation of debian/control omit test-only dependencies * Upload with binaries built using the previous openjdk-8 binaries because openjdk-8-jdk is required for bootstrapping; 7 works but 11 cannot be used :/ a source-only upload will follow * Skip testsuite for first bootstrap, saving lots of time/CPU * Address some issues lintian reported; update a number of overrides -- Thorsten Glaser Fri, 26 Mar 2021 00:48:09 +0100 openjdk-8 (8u282-b08-1) bullseye; urgency=medium * Team upload. * Provide builds for bullseye/sid (for a personal repository), buster (for the same), stretch (for LTS), jessie (for ELTS) and wheezy (also for that personal repository) * Move @bd_bootstrap@ high up in Build-Depends so the resolver tries to fulfil it first * Require an openjdk-8 to bootstrap (a previous build) * Let openjdk-8-jre-headless fulfill default-jre-headless (>= 2:1.8) in ; the latter is only used with distros whose default JRE is older than 8, to avoid accidental use of 11 -- Thorsten Glaser Sun, 14 Feb 2021 00:42:46 +0100 openjdk-8 (8u282-b08-0ubuntu1) hirsute; urgency=medium * Update to 8u282-b08 (GA). * Update AArch64 hotspot to 8u282-b07 and AArch32 hotspot to 8u282-b07. -- Tiago Stürmer Daitx Wed, 20 Jan 2021 00:48:04 +0000 openjdk-8 (8u282-b07-0ubuntu1) hirsute; urgency=medium * Update to 8u282-b07 (early access build). * Update AArch64 hotspot to 8u282-b03 and AArch32 hotspot to 8u282-b06. * Update patches. -- Tiago Stürmer Daitx Thu, 07 Jan 2021 00:16:35 +0000 openjdk-8 (8u275-b01-1~deb9u1) stretch-security; urgency=medium * Team upload. * Provide 8u275-b01 (GA) regression fixes -- Thorsten Glaser Wed, 02 Dec 2020 11:15:53 +0100 openjdk-8 (8u275-b01-1) unstable; urgency=medium * Team upload. * Merge back into Debian - Revert Maintainer change * Drop unused patch (which is already merged upstream) * Correct hg_tag, hg_tag_aarch64, hg_tag_aarch32 in debian/rules * Really update the origtgz to 8u275 instead of hackedly patching * Quell some lintian warnings -- Thorsten Glaser Wed, 02 Dec 2020 09:51:35 +0100 openjdk-8 (8u275-b01-0ubuntu1) hirsute; urgency=medium * Update to 8u275-b01 (GA). Patch aarch32 and aarch64 to 8u275-b01. * Regression fixes: - JDK-8214440: ldap over a TLS connection negotiate failed with "javax.net.ssl.SSLPeerUnverifiedException: hostname of the server '' does not match the hostname in the server's certificate" - JDK-8223940: Private key not supported by chosen signature algorithm - JDK-8236512: PKCS11 Connection closed after Cipher.doFinal and NoPadding - JDK-8250861: Crash in MinINode::Ideal(PhaseGVN*, bool) -- Tiago Stürmer Daitx Mon, 09 Nov 2020 02:08:45 +0000 openjdk-8 (8u272-b10-1) unstable; urgency=medium * Team upload. * Upload latest security fixes (thanks!) to sid -- Thorsten Glaser Mon, 26 Oct 2020 21:29:16 +0100 openjdk-8 (8u272-b10-0ubuntu1) hirsute; urgency=medium * Update to 8u272-b10 (GA). Patch aarch32 to 8u272-b10. * Security fixes: - JDK-8236862, CVE-2020-14779: Enhance support of Proxy class. - JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts. - JDK-8237995, CVE-2020-14782: Enhance certificate processing. - JDK-8241114, CVE-2020-14792: Better range handling. - JDK-8242680, CVE-2020-14796: Improved URI Support. - JDK-8242685, CVE-2020-14797: Better Path Validation. - JDK-8242695, CVE-2020-14798: Enhanced buffer support. - JDK-8244136, CVE-2020-14803: Improved Buffer supports. - JDK-8233624: Enhance JNI linkage. - JDK-8236196: Improve string pooling. - JDK-8240124: Better VM Interning. - JDK-8243302: Advanced class supports. - JDK-8244479: Further constrain certificates. - JDK-8244955: Additional Fix for JDK-8240124. - JDK-8245407: Enhance zoning of times. - JDK-8245412: Better class definitions. - JDK-8245417: Improve certificate chain handling. - JDK-8248574: Improve jpeg processing. - JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit. - JDK-8253019: Enhanced JPEG decoding. * New features: - JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7. -- Tiago Stürmer Daitx Thu, 22 Oct 2020 00:12:59 +0000 openjdk-8 (8u272-b10-0+deb9u1) stretch-security; urgency=medium * Update to 8u272-b10 (GA). * Security fixes: - JDK-8233624: Enhance JNI linkage - JDK-8236196: Improve string pooling - JDK-8236862, CVE-2020-14779: Enhance support of Proxy class - JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts - JDK-8237995, CVE-2020-14782: Enhance certificate processing - JDK-8240124: Better VM Interning - JDK-8241114, CVE-2020-14792: Better range handling - JDK-8242680, CVE-2020-14796: Improved URI Support - JDK-8242685, CVE-2020-14797: Better Path Validation - JDK-8242695, CVE-2020-14798: Enhanced buffer support - JDK-8243302: Advanced class supports - JDK-8244136, CVE-2020-14803: Improved Buffer supports - JDK-8244479: Further constrain certificates - JDK-8244955: Additional Fix for JDK-8240124 - JDK-8245407: Enhance zoning of times - JDK-8245412: Better class definitions - JDK-8245417: Improve certificate chain handling - JDK-8248574: Improve jpeg processing - JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit - JDK-8253019: Enhanced JPEG decoding -- Emilio Pozuelo Monfort Wed, 21 Oct 2020 23:52:22 +0200 openjdk-8 (8u272~b09-0ubuntu1) groovy; urgency=medium * Update to 8u272-b09 (early access build). * Update AArch64 hotspot to 8u252-b08 (no hotspot changes to b09). -- Tiago Stürmer Daitx Thu, 08 Oct 2020 14:57:35 +0000 openjdk-8 (8u265-b01-1) unstable; urgency=medium * Team upload. * Upload to unstable (no comment…). Thanks! -- Thorsten Glaser Thu, 13 Aug 2020 21:26:36 +0200 openjdk-8 (8u265-b01-0+deb9u1) stretch-security; urgency=medium * Non-maintainer upload by the LTS Team. * Merge changes from 8u265-b01-0ubuntu2. -- Emilio Pozuelo Monfort Wed, 12 Aug 2020 10:17:29 +0200 openjdk-8 (8u265-b01-0ubuntu2) groovy; urgency=medium * Improve build times and autopkgtest runs by ignoring time consuming tests when running on zerovm and armhf systems. - debian/tests/hotspot: exclude slow hotspot tests for zerovm hotspot or armhf machines. - debian/tests/hotspot-problem-list-slow.txt: define a list of long running hotspot tests. - debian/tests/jdk-problem-list.txt: add a list of long running jdk tests for linux-arm (armhf) systems. - debian/tests/jtreg-autopkgtest.in: reduce retries from 3 to 2 in order to save time. - debian/tests/jtreg-autopkgtest.sh: regenerated. -- Tiago Stürmer Daitx Sat, 01 Aug 2020 21:41:17 +0000 openjdk-8 (8u265-b01-0ubuntu1) groovy; urgency=medium * Update to 8u265-b01 (GA). * Bug fixes: - JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool behavior. - JDK-8250546: Expect changed behaviour reported in JDK-8249846. -- Tiago Stürmer Daitx Sat, 01 Aug 2020 17:50:43 +0000 openjdk-8 (8u262-b10-0ubuntu2) groovy; urgency=medium * d/p/jdk-8249677.patch: fix regression introduced by JDK-8237117. -- Tiago Stürmer Daitx Thu, 22 Jul 2020 20:53:08 +0000 openjdk-8 (8u262-b10-0ubuntu1) groovy; urgency=medium * Update to 8u262-b10 (GA). Update aarch32 to 8u262-b09 (no hotspot changes between b09 and b10). * Security fixes: - JDK-8028431, CVE-2020-14579: NullPointerException in DerValue.equals(DerValue) - JDK-8028591, CVE-2020-14578: NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString() - JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior - JDK-8237592, CVE-2020-14577: Enhance certificate verification - JDK-8238002, CVE-2020-14581: Better matrix operations - JDK-8238920, CVE-2020-14583: Better Buffer support - JDK-8240119, CVE-2020-14593: Less Affine Transformations - JDK-8242136, CVE-2020-14621: Better XML namespace handling - JDK-8230613: Better ASCII conversions - JDK-8231800: Better listing of arrays - JDK-8232014: Expand DTD support - JDK-8233255: Better Swing Buttons - JDK-8234032: Improve basic calendar services - JDK-8234042: Better factory production of certificates - JDK-8234418: Better parsing with CertificateFactory - JDK-8234836: Improve serialization handling - JDK-8236191: Enhance OID processing - JDK-8238804: Enhance key handling process - JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable - JDK-8238843: Enhanced font handing - JDK-8238925: Enhance WAV file playback - JDK-8240482: Improved WAV file playback - JDK-8241379: Update JCEKS support - JDK-8241522: Manifest improved jar headers redux * debian/patches/zero-x32.diff: remove SocketImpl.c hunks which have been applied upstream. * debian/patches/default-jvm-cfg-default.diff: fixed fuzz. * debian/patches/pass-extra-flags.diff: fixed fuzz. * debian/patches/system-lcms.diff: fixed fuzz. -- Tiago Stürmer Daitx Wed, 24 Jun 2020 21:29:14 +0000 openjdk-8 (8u252-b09-1ubuntu1) focal; urgency=medium * Build without atk-wrapper on i386 in focal. -- Matthias Klose Thu, 16 Apr 2020 10:47:49 +0200 openjdk-8 (8u252-b09-1) unstable; urgency=medium * Update to OpenJDK 8u252-b09 (GA). Updated aarch32 to 8u252-b08 (no hotspot changes between b08 and b09). * Security fixes - JDK-8223898, CVE-2020-2754: Forward references to Nashorn - JDK-8223904, CVE-2020-2755: Improve Nashorn matching - JDK-8224541, CVE-2020-2756: Better mapping of serial ENUMs - JDK-8224549, CVE-2020-2757: Less Blocking Array Queues - JDK-8225603: Enhancement for big integers - JDK-8227542: Manifest improved jar headers - JDK-8231415, CVE-2020-2773: Better signatures in XML - JDK-8233250: Better X11 rendering - JDK-8233410: Better Build Scripting - JDK-8234027: Better JCEKS key support - JDK-8234408, CVE-2020-2781: Improve TLS session handling - JDK-8234825, CVE-2020-2800: Better Headings for HTTP Servers - JDK-8234841, CVE-2020-2803: Enhance buffering of byte buffers - JDK-8235274, CVE-2020-2805: Enhance typing of methods - JDK-8236201, CVE-2020-2830: Better Scanner conversions - JDK-8238960: linux-i586 builds are inconsistent as the newly build jdk is not able to reserve enough space for object heap * Other changes - JDK-8005819: Support cross-realm MSSFU - JDK-8022263: use same Clang warnings on BSD as on Linux - JDK-8038631: Create wrapper for awt.Robot with additional functionality - JDK-8047212: runtime/ParallelClassLoading/bootstrap/random/inner-complex assert(ObjectSynchronizer::verify_objmon_isinpool(inf)) failed: monitor is invalid - JDK-8055283: Expand ResourceHashtable with C_HEAP allocation, removal and some unit tests - JDK-8068184: Fix for JDK-8032832 caused a deadlock - JDK-8079693: Add support for ECDSA P-384 and P-521 curves to XML Signature - JDK-8132130: some docs cleanup - JDK-8135318: CMS wrong max_eden_size for check_gc_overhead_limit - JDK-8144445: Maximum size checking in Marlin ArrayCache utility methods is not optimal - JDK-8144446: Automate the Marlin crash test - JDK-8144526: Remove Marlin logging use of deleted internal API - JDK-8144630: Use PrivilegedAction to create Thread in Marlin RendererStats - JDK-8144654: Improve Marlin logging - JDK-8144718: Pisces / Marlin Strokers may generate invalid curves with huge coordinates and round joins - JDK-8166976: TestCipherPBECons has wrong @run line - JDK-8167409: Invalid value passed to critical JNI function - JDK-8181872: C1: possible overflow when strength reducing integer multiply by constant - JDK-8187078: -XX:+VerifyOops finds numerous problems when running JPRT - JDK-8191227: issues with unsafe handle resolution - JDK-8197441: Signature#initSign/initVerify for an invalid private/public key fails with ClassCastException for SunPKCS11 provider - JDK-8204152: SignedObject throws NullPointerException for null keys with an initialized Signature object - JDK-8215756: Memory leaks in the AWT on macOS - JDK-8216472: (se) Stack overflow during selection operation leads to crash - JDK-8219244: NMT: Change ThreadSafepointState's allocation type from mtInternal to mtThread - JDK-8219597: (bf) Heap buffer state changes could provoke unexpected exceptions - JDK-8225128: Add exception for expiring DocuSign root to VerifyCACerts test - JDK-8225130: Add exception for expiring Comodo roots to VerifyCACerts test - JDK-8229022: BufferedReader performance can be improved by using StringBuilder - JDK-8229345: Memory leak due to vtable stubs not being shared on SPARC - JDK-8229872: (fs) Increase buffer size used with getmntent - JDK-8230235: Rendering HTML with empty img attribute and documentBaseKey cause Exception - JDK-8231430: C2: Memory stomp in max_array_length() for T_ILLEGAL type - JDK-8235744: PIT: test/jdk/javax/swing/text/html/TestJLabelWithHTMLText.java times out in linux-x64 - JDK-8235904: Infinite loop when rendering huge lines - JDK-8236179: C1 register allocation error with T_ADDRESS - JDK-8237368: Problem with NullPointerException in RMI TCPEndpoint.read - JDK-8240521: Revert backport of 8231584: Deadlock with ClassLoader.findLibrary and System.loadLibrary call - JDK-8241296: Segfault in JNIHandleBlock::oops_do() - JDK-8241307: Marlin renderer should not be the default in 8u252 * Build using GCC 9 in unstable. Closes: #944184. -- Matthias Klose Wed, 15 Apr 2020 15:38:21 +0200 openjdk-8 (8u252-b07-1) unstable; urgency=medium * Update to 8u252-b07 (early access build). * Update ARM32 and AArch64 hotspot to 8u252-b06. * Build using GCC 9 in recent releases. -- Matthias Klose Thu, 26 Mar 2020 12:57:56 +0100 openjdk-8 (8u242-b08-1) unstable; urgency=medium * Merge changes from 8u242-b08-0ubuntu3 back into Debian * Fix nocheck profile (no profile support) for wheezy * Version !nocheck default-jre-headless build dependency to ensure at least Java 8 there as well; avoids needing to install two JREs when building in pre-{stretch,xenial} * Update aarch64 to GA jdk8u242-b08, aarch32 to jdk8u242-ga * Bump Policy -- Thorsten Glaser Thu, 06 Feb 2020 19:12:24 +0100 openjdk-8 (8u242-b08-0ubuntu3) focal; urgency=medium * OpenJDK 8u242-b08 build (release). - S8226352, CVE-2020-2590: Improve Kerberos interop capabilities - S8228548, CVE-2020-2593: Normalize normalization for all - S8224909, CVE-2020-2583: Unlink Set of LinkedHashSets - S8229951, CVE-2020-2601: Better Ticket Granting Services - S8231422, CVE-2020-2604: Better serial filter handling - S8231795, CVE-2020-2659: Enhance datagram socket support - S8234037, CVE-2020-2654: Improve Object Identifier Processing - S8037550: Update RFC references in javadoc to RFC 5280 - S8039438: Some tests depend on internal API sun.misc.IOUtils - S8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes - S8058290: JAAS Krb5LoginModule has suspect ticket-renewal logic, relies on clockskew grace - S8080835: Add blocking bulk read to sun.misc.IOUtils - S8138978: Examine usages of sun.misc.IOUtils - S8139206: Add InputStream readNBytes(int len) - S8183591: Incorrect behavior when reading DER value with Integer.MAX_VALUE length - S8186576: KerberosTicket does not properly handle renewable tickets at the end of their lifetime - S8186831: Kerberos ignores PA-DATA with a non-null s2kparams - S8186884: Test native KDC, Java krb5 lib, and native krb5 lib in one test - S8193832: Performance of InputStream.readAllBytes() could be improved - S8196956: (ch) More channels cleanup - S8201627: Kerberos sequence number issues - S8215032: Support Kerberos cross-realm referrals (RFC 6806) - S8225261: Better method resolutions - S8225279: Better XRender interpolation - S8226719: Kerberos login to Windows 2000 failed with "Inappropriate type of checksum in message" - S8227061: KDC.java test behaves incorrectly when AS-REQ contains a PAData not PA-ENC-TS-ENC - S8227381: GSS login fails with PREAUTH_FAILED - S8227437: S4U2proxy cannot continue because server's TGT cannot be found - S8227758: More valid PKIX processing - S8227816: More Colorful ICC profiles - S8230279: Improve Pack200 file reading - S8230318: Better trust store usage - S8230967: Improve Registry support of clients - S8231129: More glyph images - S8231139: Improved keystore support - S8232381: add result NULL-checking to freetypeScaler.c - S8232419: Improve Registry registration - S8233944: Make KerberosPrincipal.KRB_NT_ENTERPRISE field package private - S8235909: File.exists throws AccessControlException for invalid paths when a SecurityManager is installed - S8236983: [TESTBUG] Remove pointless catch block in test/jdk/sun/security/util/DerValue/BadValue.java - S8236984: Add compatibility wrapper for IOUtils.readFully * Use the hotspot arch list to select between hotspot and zero as the default VM for autopkgtests. This fixes s390x (zero based) autopkgtest support. -- Tiago Stürmer Daitx Fri, 17 Jan 2020 17:37:33 +0000 openjdk-8 (8u242-b04-1) unstable; urgency=medium * Update to 8u242-b04 (early access build). -- Matthias Klose Mon, 06 Jan 2020 20:59:40 +0100 openjdk-8 (8u232-b09-1) unstable; urgency=high * Update to OpenJDK 8u232-b09 (GA). Updated aarch32 to 8u232-b09. * Security fixes: - S8167646: Better invalid FilePermission. - S8213429, CVE-2019-2933: Windows file handling redux. - S8218573, CVE-2019-2945: Better socket support. - S8218877: Help transform transformers. - S8220186: Improve use of font temporary files. - S8220302, CVE-2019-2949: Better Kerberos ccache handling. - S8221497: Optional Panes in Swing. - S8221858, CVE-2019-2958: Build Better Processes. - S8222684, CVE-2019-2964: Better support for patterns. - S8222690, CVE-2019-2962: Better Glyph Images. - S8223163: Better pattern recognition. - S8223505, CVE-2019-2973: Better pattern compilation. - S8223518, CVE-2019-2975: Unexpected exception in jjs. - S8223892, CVE-2019-2978: Improved handling of jar files. - S8224025: Fix for JDK-8220302 is not complete. - S8224532, CVE-2019-2981: Better Path supports. - S8224915, CVE-2019-2983: Better serial attributes. - S8225286, CVE-2019-2987: Better rendering of native glyphs. - S8225292, CVE-2019-2988: Better Graphics2D drawing. - S8225298, CVE-2019-2989: Improve TLS connection support. - S8225597, CVE-2019-2992: Enhance font glyph mapping. - S8226765, CVE-2019-2999: Commentary on Javadoc comments. - S8227129: Better ligature for subtables. - S8227601: Better collection of references. - S8228825, CVE-2019-2894: Enhance ECDSA operations. -- Matthias Klose Thu, 17 Oct 2019 22:41:19 +0200 openjdk-8 (8u232-b07-2) unstable; urgency=medium * Update to 8u232-b07 (early access build). [ Matthias Klose ] * Refresh patches. * openjdk-8-jdk-headless: Add Breaks/Replaces for moved clhsdb binary. LP: #1845873. * debian/tests/control: Depend on g++ instead of build-essential or libc6-dev. * Bump standards vesion. [ Tiago Stürmer Daitx ] * Improve and fix build tests and autopkgtests: - Update debian/tests/hotspot,jdk,langtools to ignore jtreg-autopkgtest.sh return code. - Create debian/tests/jtdiff-autopkgtest.in as it depends on debian/rules variables. - debian/control.in, debian/control: add default-jre-headless to Build-Depends with a nocheck clause as jtreg requires a JRE in /usr/lib/jvm/default-java. - debian/tests/control: + Add zip and unzip test dependencies required by jdk's test/sun/security/tools/jarsigner/diffend.sh and test/sun/security/tools/jarsigner/emptymanifest.sh. + Depend on default-jre-headless so jtreg will use the JRE from /usr/lib/jvm/default-java. - debian/tests/jtdiff-autopkgtest.sh: + Fail only if an actual regression is detected. + Add the super-diff comparison from jtdiff. + Save failed jtr files for all runs. - debian/tests/jtreg-autopkgtest.sh: + Enable retry of failed tests to trim out flaky tests. + Fix unbound variable. + Keep .jtr files from failed tests only. - debian/patches/jdk-problem-list.diff: ignore failing tests that require more investigation. - debian/rules: + Preserve all JTreport directories in the test output directory. + Use JDK_DIR instead of JDK_TO_TEST for autopkgtest generation. + Package all .jtr files from JTwork as jtreg-autopkgtest.sh makes sure it contains only failed tests. * debian/tests/jdk: add our custom debian/tests/jdk-problem-list.txt to the exclusion list. * debian/tests/jdk-problem-list.txt: custom exclusion rules for jdk tests that fail to run during a build or autopkgtest run. * debian/rules: remove debian/patches/jdk-problem-list.diff. * debian/patches/jdk-problem-list.diff: jtreg allows for extra exclusion files thus there's no need to patch upstream's exclusion list. * debian/tests/control: mark all autopkgtests as flaky. * debian/tests/hotspot-archs: generated by debian/rules, contains a list of archs that supports a hotspot vm. * debian/tests/jdk: run only when the host arch is a hotspot vm - allow override through an environment variable. * debian/rules: update gen-autopkgtests to echo supported hotspot archs. -- Matthias Klose Tue, 01 Oct 2019 13:49:35 +0200 openjdk-8 (8u232-b04-1) experimental; urgency=medium * Update to 8u232-b04 (early access build). * Refresh patches. -- Matthias Klose Fri, 06 Sep 2019 18:03:11 +0200 openjdk-8 (8u222-b10-1) unstable; urgency=high * Update to 8u222-b10 (except for AArch32, updated to b08). - Security fixes: - S8191073: JpegImageReader throws IndexOutOfBoundsException when trying to read image data from tables-only image. - S8208698, CVE-2019-2745: Improved ECC Implementation. - S8212328, CVE-2019-2762: Exceptional throw cases. - S8213431, CVE-2019-2766: Improve file protocol handling. - S8213432, CVE-2019-2769: Better copies of CopiesList. - S8216381, CVE-2019-2786: More limited privilege usage. - S8217563: Improve realm maintenance. - S8218863: Better endpoint checks. - S8218873: Improve JSSE endpoint checking. - S8218876, CVE-2019-7317: Improve PNG support options. - S8219018: Adjust positions of glyphs. - S8219020: Table alternate substitutions. - S8219775: Certificate validation improvements. - S8220192: Better outlook for SecureRandom. - S8220517: Enhanced GIF support. - S8221518, CVE-2019-2816: Normalize normalization. - S8223511, CVE-2019-2842: Extended AES support. [ Matthias Klose ] * Bump standards version. [ Tiago Stürmer Daitx ] * Backport fix for S8223511 for AArch32. -- Matthias Klose Thu, 18 Jul 2019 18:57:23 +0200 openjdk-8 (8u222-b07-3) unstable; urgency=medium * Upload to unstable. -- Matthias Klose Sun, 07 Jul 2019 22:02:56 +0200 openjdk-8 (8u222-b07-2) experimental; urgency=medium * Remove AArch32 patches, applied upstream. * Fix build dependencies for Ubuntu precise builds. -- Matthias Klose Sat, 29 Jun 2019 11:17:16 +0200 openjdk-8 (8u222-b07-1) experimental; urgency=medium * Update to 8u222-b07. -- Matthias Klose Sat, 29 Jun 2019 10:48:23 +0200 openjdk-8 (8u222-b05-1) experimental; urgency=medium [ Matthias Klose ] * Update to 8u222-b05 (except for AArch32). * Apply suggested hotspot fixes for AArch32. * Re-enable running the testsuite. [ Tiago Stürmer Daitx ] * Find any hs_err_pid files generated during the build and send to stdout. -- Matthias Klose Mon, 10 Jun 2019 15:03:02 +0200 openjdk-8 (8u222-b04-3) experimental; urgency=medium * Update ARM32 to jdk8u222-b04-aarch32-190603. * Regenerate the ppc64el patch. * Remove unused patches ppc64le-8036767 and zero-opt. -- Matthias Klose Fri, 07 Jun 2019 09:14:38 +0200 openjdk-8 (8u222-b04-1) experimental; urgency=medium * Update to 8u222-b04. * Update ARM32 to jdk8u212-b04-aarch32-190430. * Fix 32bit zero builds. -- Matthias Klose Mon, 03 Jun 2019 12:11:07 +0200 openjdk-8 (8u212-b03-3) UNRELEASED; urgency=medium * Use -a instead of -s for debhelper tools. -- Matthias Klose Tue, 28 May 2019 14:10:32 +0200 openjdk-8 (8u212-b03-2) unstable; urgency=medium * Don't apply the 8221355 fix for ARM builds. * Don't configure --with-vendor-name on stable releases. * Fix the jpeg runtime dependency for the build in unstable. -- Matthias Klose Tue, 28 May 2019 10:14:27 +0200 openjdk-8 (8u212-b03-1) unstable; urgency=medium [ Matthias Klose ] * Configure --with-vendor-name. * 8221355: Fix performance regression after JDK-8155635 backport into 8u. [ Tiago Stürmer Daitx ] * Update to 8u212-b03. LP: #1826001. * Security fixes: - S8211936, CVE-2019-2602: Better String parsing. - S8218453, CVE-2019-2684: More dynamic RMI interactions. - S8219066, CVE-2019-2698: Fuzzing TrueType fonts: setCurrGlyphID(). * Revert to GTK2 as default since GTK3 still has padding and component issues: - debian/rules: always Build-Depends on libgtk2.0-dev and Depends on libgtk2.0-0 instead of relying on gtk3 for some releases. * debian/control: add missing dependency on testng (required by the testsuites). [ Andrej Shadura ] * debian/rules: check for nodoc instead of nodocs in DEB_BUILD_OPTIONS. Closes: 922757. [ Matthias Klose ] * debian/rules, debian/tests/jtdiff-autopkgtest.sh, debian/tests/jtreg-autopkgtest.in, debian/tests/jtreg-autopkgtest.sh: only set the JDK under test and allow jtreg to use its default JDK for running the tests. [ Thorsten Glaser ] * Improve compatibility with older releases. Closes: #925407. - debian/rules: determine source date using backwards-compatible dpkg-parsechangelog call. - debian/control.in: put @bd_cross@ onto same line as @bd_nss@ as it can be empty. -- Matthias Klose Mon, 29 Apr 2019 14:51:40 +0200 openjdk-8 (8u212-b01-1) unstable; urgency=medium * Update to 8u212-b01. * Enable SA on AArch64. -- Matthias Klose Tue, 19 Mar 2019 08:26:02 +0100 openjdk-8 (8u202-b26-3) unstable; urgency=medium * Fix the 8u202 merge for aarch32, not using SA. -- Matthias Klose Mon, 18 Mar 2019 14:13:37 +0100 openjdk-8 (8u202-b26-2) unstable; urgency=medium * Fix builds using the aarch32 hotspot version. -- Matthias Klose Sun, 17 Mar 2019 23:37:54 +0100 openjdk-8 (8u202-b26-1) unstable; urgency=high * Update to 8u202-b26. * Security fixes: - CVE-2019-2422, S8206290: Better FileChannel transfer performance. - CVE-2019-2426, S8209094: Improve web server connections. - S8199156: Better route routing. - S8199552: Update to build scripts. - S8200659: Improve BigDecimal support. - S8203955: Improve robot support. - S8204895: Better icon support. - S8205709: Proper allocation handling. - S8205714: Initial class initialization. - S8210094: Better loading of classloader classes. - S8210606: Improved data set handling. - S8210866: Improve JPEG processing. [ Tiago Stürmer Daitx ] * Update DEP8 tests: - debian/tests/control: updated to allow stderr output and to remove dpkg-dev dependency. - debian/tests/jtdiff-autopkgtest.sh: use dpkg --print-architecture instead of dpkg-architecture; log script name on any output. - debian/tests/jtreg-autopkgtest.in: use dpkg --print-architecture instead of dpkg-architecture; do not retain test temporary files; log script name on any output. - debian/tests/jtreg-autopkgtest.sh: regenerated. -- Matthias Klose Sun, 17 Mar 2019 17:07:16 +0100 openjdk-8 (8u191-b12-2) unstable; urgency=high * Upload to unstable. * Remove the "Team upload" for the last upload to experimental. -- Matthias Klose Wed, 05 Dec 2018 09:06:06 +0100 openjdk-8 (8u191-b12-1) experimental; urgency=medium * Update to 8u191-b12. (Closes: #911925, Closes: #912333, LP: #1800792) * debian/excludelist.jdk.jtx: no longer needed, using ProblemsList.txt from upstream now. * debian/excludelist.langtools.jtx: upstream testing does not use any exclusion list. * debian/patches/sec-webrev-8u191-b12*: removed, applied upstream. * debian/patches/jdk-8132985-backport-double-free.patch, debian/patches/jdk-8139803-backport-warning.patch: fix crash in freetypescaler due to double free, thanks to Heikki Aitakangas for the report and patches. (Closes: #911847) * debian/rules: - tar and save JTreport directory. - run the same limited set of tests as upstream does. - call the same testsuites scripts used for autopkgtest. - reenable jdk testsuite. - simplified and moved xvfb logic into check-jdk rule. - removed jtreg and xvfb build dependency logic and moved the bdeps into debian/control.in. - added rules to generate autopkgtest scripts from templates. * updated dep8 tests: - debian/test/control: run hotspot, langtools, and jdk testsuites. - debian/tests/hotspot, debian/tests/jdk, debian/tests/langtools: add scripts for each testsuite to be run. - debian/tests/jtreg-autopkgtest.sh: template to generate the jtreg script used by the autopkgtest tests. - debian/tests/jtdiff-autopkgtest.sh: used by the scripts to report any differences between the autopkgtest and the tests results generated during the openjdk package build. - debian/tests/jtreg-autopkgtest.sh: used by the scripts to run jtreg and put the resulting artifacts in the right places. - debian/tests/valid-tests: removed, no longer needed. -- Tiago Stürmer Daitx Mon, 19 Nov 2018 11:02:46 +0000 openjdk-8 (8u181-b13-2) unstable; urgency=high [ Tiago Stürmer Daitx ] * Apply patches from 8u191-b12 security update. - CVE-2018-3136, S8194534: Manifest better support. - CVE-2018-3139, S8196902: Better HTTP Redirection. - CVE-2018-3149, S8199177: Enhance JNDI lookups. - CVE-2018-3169, S8199226: Improve field accesses. - CVE-2018-3180, S8202613: Improve TLS connections stability. - CVE-2018-3183, S8202936: Improve script engine support. - CVE-2018-3214, S8205361: Better RIFF reading support. - CVE-2018-3211: Unspecified vulnerability in the Serviceability component. - S8195868: Address Internet Addresses. - S8195874: Improve jar specification adherence. - S8201756: Improve cipher inputs. - S8203654: Improve cypher state updates. - S8204497: Better formatting of decimals. * debian/patches/jdk-freetypeScaler-crash.diff: removed as this patch causes a memory leak; upstream fixed it in openjdk-7, albeit in a different way. Closes: #910672. [ Matthias Klose ] * Bump standards version. -- Matthias Klose Sun, 21 Oct 2018 12:23:32 +0200 openjdk-8 (8u181-b13-1) unstable; urgency=high * Update to 8u181-b13. * Remove the mauve test machinery. * Build using GCC 8 in development releases. -- Matthias Klose Sat, 04 Aug 2018 14:10:33 +0200 openjdk-8 (8u171-b11-2) unstable; urgency=medium * Update the zero-architectures patch for ia64 (Adrian Glaubitz). Closes: #897066. * Fix zero build on ia64 (Adrian Glaubitz). Closes: #897068. * Refresh patches. -- Matthias Klose Thu, 17 May 2018 16:17:27 -0400 openjdk-8 (8u171-b11-1) unstable; urgency=high [ Tiago Stürmer Daitx ] * Update to 8u171-b11. Hotspot 8u162-b12 for aarch32 with 8u171-b10 hotspot security fixes and 8u171-b10 for aarch64. - CVE-2018-2790,S8189969: Manifest better manifest entries. - CVE-2018-2795,S8189977: Improve permission portability. - CVE-2018-2796,S8189981: Improve queuing portability. - CVE-2018-2797,S8189985: Improve tabular data portability. - CVE-2018-2798,S8189989: Improve container portability. - CVE-2018-2799,S8189993: Improve document portability. - CVE-2018-2794,S8189997: Enhance keystore mechanisms. - CVE-2018-2814,S8192025: Less referential references. - CVE-2018-2815,S8192757: Improve stub classes implementation. - CVE-2018-2800,S8193833: Better RMI connection support. - S8169080: Improve documentation examples for crypto applications. - S8180881: Better packaging of deserialization. - S8182362: Update CipherOutputStream Usage. - S8189123: More consistent classloading. - S8190478: Improved interface method selection. - S8190877: Better handling of abstract classes. - S8191696: Better mouse positioning. - S8192030: Better MTSchema support. - S8193409: Improve AES supporting classes. - S8193414: Improvements in MethodType lookups. * d/p/aarch64-hotspot-8u162-b12.patch: removed, tarball has been updated to 8u171-b10. * d/p/hotspot-S8185723-zero-ppc32-atomic_copy64-fix.patch, d/p/hotspot-S8201509-zero-s390x-atomic_copy64-fix.patch: fix ppc32, s390x javac segmentation fault caused by wrong inline assembler. [ Matthias Klose ] * Bump standards version. -- Matthias Klose Fri, 27 Apr 2018 08:56:10 +0200 openjdk-8 (8u162-b12-1) unstable; urgency=high [ Tiago Stürmer Daitx ] * Update to 8u162-b12. Hotspot 8u162-b12 for aarch32 and 8u161-b16 for aarch64 (wth 8u162-b12 patches). * Security updates: - CVE-2018-2633,S8186606: Improve LDAP lookup robustness. - CVE-2018-2637,S8186998: Improve JMX supportive features. - CVE-2018-2634,S8186600: Improve property negotiations. - CVE-2018-2582,S8174962: Better interface invocations. - CVE-2018-2641,S8185325: Improve GTK initialization. - CVE-2018-2618,S8185292: Stricter key generation. - CVE-2018-2629,S8186212: Improve GSS handling. - CVE-2018-2603,S8182387: Improve PKCS usage. - CVE-2018-2599,S8182125: Improve reliability of DNS lookups. - CVE-2018-2602,S8182601: Improve usage messages. - CVE-2018-2588,S8178449: Improve LDAP logins. - CVE-2018-2678,S8191142: More refactoring for naming deserialization cases. - CVE-2018-2677,S8190289: More refactoring for client deserialization cases. - CVE-2018-2663,S8189284: More refactoring for deserialization cases. - CVE-2018-2579,S8172525: Improve key keying case. * d/p/aarch64-hotspot-8u162-b12.patch: update aarch64 hotspot to 8u162-b12. * d/p/icedtea-4953367.patch: removed, fixed upstream by "S8136570: Stop changing user environment variables related to /usr/dt". * d/p/gcc6.diff: removed, fixed upstream. * d/p/jdk-getAccessibleValue.diff: updated, removed chunks fixed upstream by "S8076249: NPE in AccessBridge while editing JList model" and "S8145207: [macosx] JList, VO can't access non-visible list items". * d/p/openjdk-ppc64el-S8170153.patch, d/p/8164293.diff, d/p/hotspot-ppc64el-S8145913-montgomery-multiply-intrinsic.patch, d/p/hotspot-ppc64el-S8168318-cmpldi.patch, d/p/hotspot-ppc64el-S8170328-andis.patch, d/p/hotspot-ppc64el-S8175813-mbind-invalid-argument.patch, d/p/hotspot-ppc64el-S8181055-use-numa-v2-api.patch, d/p/hotspot-ppc64el-S8181810-leverage-extrdi.patch: removed, applied upstream. * d/rules, d/control: depend on GKT3 instead of GTK2 for newer releases. LP: #1735482. * d/rules: wait 10 seconds before issuing SIGKILL to buildwatch. * d/buildwatch.sh: find hs_err files and cat them to help debugging build failures. * S8173853: IllegalArgumentException in java.awt.image.ReplicateScaleFilter. LP: #8173853. [ Matthias Klose ] * Disable Hotspot workaround for Exec Shield (Debian only). Closes: #876051. * Fix some lintian warnings. -- Matthias Klose Thu, 15 Mar 2018 18:19:50 +0100 openjdk-8 (8u151-b12-1) unstable; urgency=high * Update to 8u151-b12. Hotspot 8u144-b01 for aarch32 with 8u151 hotspot patches. [ Tiago Stürmer Daitx ] * Security patches: - CVE-2017-10274, S8169026: Handle smartcard clean up better. If a CardImpl can be recovered via finalization, then separate instances pointing to the same device can be created. - CVE-2017-10281, S8174109: Better queuing priorities. PriorityQueue's readObject allocates an array based on data in the stream which could cause an OOM. - CVE-2017-10285, S8174966: Unreferenced references. RMI's Unreferenced thread can be used as the root of a Trusted Method Chain. - CVE-2017-10295, S8176751: Better URL connections. On Ubuntu (and possibly other Linux flavors) CR-NL in the host field are ignored and can be used to inject headers in an HTTP request stream. - CVE-2017-10388, S8178794: Correct Kerberos ticket grants. Kerberos implementations can incorrectly take information from the unencrypted portion of the ticket from the KDC. This can lead to an MITM attack impersonating Kerberos services. - CVE-2017-10346, S8180711: Better alignment of special invocations. A missing load constraint for some invokespecial cases can allow invoking a method from an unrelated class. - CVE-2017-10350, S8181100: Better Base Exceptions. An array is allocated based on data in the serial stream without a limit on the size. - CVE-2017-10347, S8181323: Better timezone processing. An array is allocated based on data in the serial stream without a limit on the size. - CVE-2017-10349, S8181327: Better Node predications. An array is allocated based on data in the serial stream without a limit on the size. - CVE-2017-10345, S8181370: Better keystore handling. A malicious serialized object in a keystore can cause a DoS when using keytool. - CVE-2017-10348, S8181432: Better processing of unresolved permissions. An array is allocated based on data in the serial stream without a limit on the size. - CVE-2017-10357, S8181597: Process Proxy presentation. A malicious serialized stream could cause an OOM due to lack on checking on the number of interfaces read from the stream for a Proxy. - CVE-2017-10355, S8181612: More stable connection processing. If an attack can cause an application to open a connection to a malicious FTP server (e.g., via XML), then a thread can be tied up indefinitely in accept(2). - CVE-2017-10356, S8181692: Update storage implementations. JKS and JCEKS keystores should be retired from common use in favor of more modern keystore protections. - CVE-2016-10165, S8183028: Improve CMS header processing. Missing bounds check could lead to leaked memory contents. - CVE-2016-9841, S8184682: Upgrade compression library. There were four off by one errors found in the zlib library. Two of them are long typed which could lead to RCE. * debian/rules: - openjdk8 now ships limited and unlimited policy.jar files (S8157561) into their own directories under jre/lib/security/policy. * debian/rules, d/p/sec-webrev-8u151-hotspot-8179084.patch, d/p/sec-webrev-8u151-hotspot-8180711.patch: Apply hotspot security updates to both aarch32 and aarch64. * d/p/gcc6.diff, d/p/aarch64.diff, d/p/aarch32.diff, d/p/m68k-support.diff, d/p/system-libjpeg.diff: Remove hunks related to the generated configure file generated during the build. * d/p/hotspot-ppc64el-S8168318-cmpldi.patch: Use cmpldi instead of li/cmpld. LP: #1723893. * d/p/hotspot-ppc64el-S8170328-andis.patch: Use andis instead of lis/and. LP: #1723862. * d/p/hotspot-ppc64el-S8145913-montgomery-multiply-intrinsic.patch: Add Montgomery multiply intrinsic. LP: #1723860. * d/p/hotspot-ppc64el-S8181810-leverage-extrdi.patch: Leverage extrdi for bitfield extract is absent in OpenJDK 8. LP: #1723861. * d/p/jdk-S8165852-overlayfs.patch: Mount point not found for a file which is present in overlayfs. [ Matthias Klose ] * Bump standards version. -- Matthias Klose Wed, 01 Nov 2017 07:12:56 +0100 openjdk-8 (8u144-b01-2) unstable; urgency=medium [ Matthias Klose ] * Don't regenerate the control file during the build. * Enable systemtap on sh4. * Bump standards version to 4.1.0. * Build using GCC 7 on recent development versions. [ Tiago Stürmer Daitx ] * debian/rules: - when zero/shark alternate vm is build, add '-zero KNOWN' to jvm.cfg. - for non-hotspot builds add '-zero ALIASED_TO -server' to jvm.cfg. - enable zero alternate vm on armhf. * debian/jvm.cfg-client_default: aarch32 only builds the client compiler and requires its own default jvm. Closes: #874434. -- Matthias Klose Sat, 30 Sep 2017 02:37:14 +0200 openjdk-8 (8u144-b01-1) unstable; urgency=medium * Update to 8u144-b01. - fix regression introduced by security fix S8169392. LP: #1707082. [ Matthias Klose ] * Fix libjvm.so's .debug file names. LP: #1548434. * Remove dependency on multiarch-support. Closes: #870520. [ Tiago Stürmer Daitx ] * debian/apport-hook.py: - truncate hs_err if bigger than 100 KiB instead of ignoring it. - add message if hs_err file is not found at expected location. - report file size in human readble SI units. * debian/control.in: - move 'Breaks:' from openjdk-8-jdk-headless to openjdk-8-jre-headless. - remove jamvm references. * debian/control.jamvm-jre: removed. * debian/control.jamvm-trans: transactional package for jamvm. * debian/rules: - add aarch32 hotspot support. - build aarch32 using client jvm-variant (no server in aarch32 port). - use DEB_HOST_ARCH instead of DEB_HOST_ARCH_CPU as armel and armhf are both reported as arm. - explicitly add kfreebsd-i386, kfreebsd-amd64, hurd-i386 to arch_map and archdir_map due to usage of DEB_HOST_ARCH. - avoid building zero as an alternative vm for aarch32. - disable precompiled headers on Trusty to minimize g++-4.8 segfaults. - don't build zero alternate vm on Trusty, avoid g++-4.8 segfaults. - add a 'Breaks:' entry to ca-certificates-java for all releases except Trusty. LP: #1706567. - remove jamvm. * debian/patches/aarch64.diff: remove unnecessary chunks as aarch64 is now upstream. * debian/patches/aarch32.diff: add required changes to root and jdk to build aarch32. * debian/patches/hotspot-libpath-aarch32.diff: copied from hotspot-libpath-default.diff. * debian/patches/ppc64le-8036767.diff: updated. * debian/patches/jdk-ppc64el-S8170153.patch: updated to include aarch64. * debian/patches/jdk-java-nio-bits-unligned-aarch64.diff: Check for "aarch64" along with other unaligned access supporting architectures. -- Matthias Klose Wed, 23 Aug 2017 21:41:07 +0200 openjdk-8 (8u141-b15-3) unstable; urgency=high * Fix building the javadocs, build error introduced by the m68k changes. * Update the kfreebsd patches (Adrian Glaubitz). Closes: #869643, #869672. -- Matthias Klose Tue, 25 Jul 2017 17:03:27 +0200 openjdk-8 (8u141-b15-2) unstable; urgency=high [ Matthias Klose ] * Update the m68k-support patch (Adrian Glaubitz). Closes: #864180. * Disable generation of jvmti.html on m68k (Adrian Glaubitz). Closes: #864205. * Disable the jamvm autopkg tests. * CVE-2017-10243 is also fixed in 8u141-b15 (S8182054). [ Tiago Stürmer Daitx ] * patches/hotspot-ppc64el-S8181055-use-numa-v2-api.patch: mbind invalid argument message is still seen after S8175813; use numa_interleave_memory v2 api when available. LP: #1705763. -- Matthias Klose Mon, 24 Jul 2017 23:09:09 +0200 openjdk-8 (8u141-b15-1) unstable; urgency=high * Update to 8u141-b15, Hotspot 8u141-b16 for AArch64. * Security fixes from 8u141: - CVE-2017-10102, S8163958: Improved garbage collection. - CVE-2017-10053, S8169209: Improved image post-processing steps. - CVE-2017-10067, S8169392: Additional jar validation steps. - CVE-2017-10081, S8170966: Right parenthesis issue. - CVE-2017-10078, S8171539: Better script accessibility for JavaScript. - CVE-2017-10087, S8172204: Better Thread Pool execution. - CVE-2017-10089, S8172461: Service Registration Lifecycle. - CVE-2017-10090, S8172465: Better handling of channel groups. - CVE-2017-10096, S8172469: Transform Transformer Exceptions. - CVE-2017-10101, S8173286: Better reading of text catalogs. - CVE-2017-10107, S8173697: Less Active Activations. - CVE-2017-10074, S8173770: Image conversion improvements. - CVE-2017-10110, S8174098: Better image fetching. - CVE-2017-10108, S8174105: Better naming attribution. - CVE-2017-10109, S8174113: Better sourcing of code. - CVE-2017-10115, S8175106: Higher quality DSA operations. - CVE-2017-10118, S8175110: Higher quality ECDSA operations. - CVE-2017-10116, S8176067: Proper directory lookup processing. - CVE-2017-10135, S8176760: Better handling of PKCS8 material. - CVE-2017-10176, S8178135: Additional elliptic curve support. - CVE-2017-10193, S8179101: Improve algorithm constraints implementation. - CVE-2017-10198, S8179998: Clear certificate chain connections. - S8174770: Check registry registration location. - S8174873: Improved certificate procesing. - S8176055: JMX diagnostic improvements. - S8176536: Improved algorithm constraints checking. - S8181420: PPC: Image conversion improvements. - S8182054: Improve wsdl support. - S8184185: Rearrange MethodHandle arrangements. [ Matthias Klose ] * Provide jvmdir symlink in /usr/lib/debug. Closes: #867314. * Fix pt_BR translation in awt message. Closes: #863331. [ Tiago Stürmer Daitx ] * debian/rules: - enable apport hook on Ubuntu and derivatives only. - remove with_zenhai logic. - remove unused with_tzdata logic, move tzdata build dependency to control.in. - add Breaks:tzdata-java except for wheezy, jessie or trusty. - re-enable jamvm for Xenial only. - run debian/control before build so we won't build with a invalid control file. - remove logic to select between ttf or font packages and depend on fonts-wqy-microhei and fonts-wqy-zenhei instead * debian/apport-hook.py: add an apport hook to include conffiles modified by the user on any report and the hs_err log file on crash report only. LP: #1696886. * patches/fontconfig-arphic-uming.diff: only enabled when with_zenhai was false; not required since lenny. * patches/hotspot-ppc64el-S8175813-mbind-invalid-argument.patch: prevent invalid argument message when invoking UseNUMA on a system with non-consecutive numa topology. LP: #1697348. -- Matthias Klose Fri, 21 Jul 2017 13:51:05 +0200 openjdk-8 (8u131-b11-2) unstable; urgency=medium * Tighten dependency on libatk-wrapper-java-jni. Closes: #862508. -- Matthias Klose Tue, 16 May 2017 14:38:22 -0700 openjdk-8 (8u131-b11-1) unstable; urgency=high * Update to 8u131-b11, Hotspot 8u112-b12 for AArch64. * Security fixes: - S8167110, CVE-2017-3514: Windows peering issue. - S8165626, CVE-2017-3512: Improved window framing. - S8163528, CVE-2017-3511: Better library loading. - S8169011, CVE-2017-3526: Resizing XML parse trees. - S8163520, CVE-2017-3509: Reuse cache entries. - S8171533, CVE-2017-3544: Better email transfer. - S8170222, CVE-2017-3533: Better transfers of files. - S8171121, CVE-2017-3539: Enhancing jar checking. [ Tiago Stürmer Daitx ] * d/p/jdk-ppc64el-S8165231.diff: fixes java.nio.Bits.unaligned() on ppc64el. LP: #1677612. * debian/buildwatch.sh: updated to stop it if no 'make' process is running, as it probably means that the build failed - otherwise buildwatch keeps the builder alive until it exits after the timer (3 hours by default) expires. [ Matthias Klose ] * openjdk-8-jre-headless: Add a break for tzdata-java. Closes: #857992. * Use fonts-wqy-microhei and fonts-wqy-zenhei instead of transitional package names. Closes: #859528. -- Matthias Klose Mon, 01 May 2017 19:28:19 +0700 openjdk-8 (8u121-b13-4.1) unstable; urgency=medium * Non-maintainer upload. * openjdk-8-jre-headless: Add Breaks: tzdata-java to ensure openjdk gets upgraded on dist-upgrades from jessie. (Closes: #857992) -- Andreas Beckmann Tue, 18 Apr 2017 22:32:33 +0200 openjdk-8 (8u121-b13-4) unstable; urgency=medium * Drop Recommends on obsolete GNOME libraries so they are not in a default GNOME desktop installation (Simon McVittie). Closes: #850268. - sun.net.spi.DefaultProxySelector prefers libglib2.0-0 (>= 2.24) over obsolete libgconf2-4. - sun.nio.fs.GnomeFileTypeDetector prefers libglib2.0-0 (>= 2.24) over libgnomevfs-2-0. - sun.xawt.awt_Desktop prefers libgtk2.0-0 (>= 2.14) over libgnomevfs2-0. * See the bug report for an analysis why this can be done for releases back to Debian wheezy (7.0) and Ubuntu precise (12.04 LTS). -- Matthias Klose Fri, 03 Mar 2017 18:46:54 +0100 openjdk-8 (8u121-b13-3) unstable; urgency=medium * Really don't build the JamVM VM. * Fix 8164293: HotSpot leaking memory in long-running requests. Closes: #853758. * Add OpenJDK Stack Unwinder and Frame Decorator for gdb. -- Matthias Klose Wed, 08 Feb 2017 07:24:13 +0100 openjdk-8 (8u121-b13-2) unstable; urgency=medium * Fix libjpeg dependency. Closes: #852378. -- Matthias Klose Tue, 24 Jan 2017 14:22:36 +0100 openjdk-8 (8u121-b13-1) unstable; urgency=high * Update to 8u121-b13, Hotspot 8u112-b16 for AArch64. [ Matthias Klose ] * Build using the default flags (POWER8) on ppc64el. * Add a breaks for ca-certificates-java (<< 20160321~). Closes: #851667. * Stop building JamVM for the stretch release, the VM is not working with recent OpenJDK 8 updates. Closes: #841229, #842132. * Fix location of jspawnhelper for KFreeBSD. Closes: #851053. [ Tiago Stürmer Daitx ] * debian/rules: add -O3 to DEB_CFLAGS_MAINT_STRIP and DEB_CXXFLAGS_MAINT_STRIP for dpkg_buildflags_jdk and dpkg_buildflags_hs as ppc64le has -O3 by default. LP: #1640845. * Update to 8u121-b13, including security fixes. - S8165344, CVE-2017-3272: A protected field can be leveraged into type confusion. - S8167104, CVE-2017-3289: Custom class constructor code can bypass the required call to super.init allowing for uninitialized objects to be created. - S8156802, CVE-2017-3241: RMI deserialization should limit the types deserialized to prevent attacks that could escape the sandbox. - S8164143, CVE-2017-3260: It is possible to corrupt memory by calling dispose() on a CMenuComponentmultiple times. - S8168714, CVE-2016-5546: ECDSA will accept signatures that have various extraneous bytes added to them whereas the signature is supposed to be unique. - S8166988, CVE-2017-3253: The PNG specification allows the [iz}Txt sections to be 2^32-1 bytes long so these should not be uncompressed unless the user explicitly requests it. - S8168728, CVE-2016-5548: DSA signing exhibits a timing bias that may leak information about k. - S8168724, CVE-2016-5549: ECDSA signing exhibits a timing bias that may leak information about k. - S8161743, CVE-2017-3252: LdapLoginModule incorrectly tries to deserialize responses from an LDAP server when an LDAP context is expected. - S8167223, CVE-2016-5552: Parsing of URLs can be inconsistent with how users or external applications would interpret them leading to possible security issues. - S8168705, CVE-2016-5547: A value from an InputStream is read directly into the size argument of a new byte[] without validation. - S8164147, CVE-2017-3261: An integer overflow exists in SocketOutputStream which can lead to memorydisclosure. - S8151934, CVE-2017-3231: Under some circumstances URLClassLoader will dispatch HTTP GET requests where the invoker does not have permission. - S8165071, CVE-2016-2183: 3DES can be exploited for block collisions when long running sessions are allowed. * d/p/8132051-zero.diff: Superseeded by upstream fix S8154210; removed. * d/p/hotspot-JDK-8158260-ppc64el.patch: Applied upstream; removed. * d/p/6926048.diff: Already applied upstream; removed. * d/p/jdk-ppc64el-S8170153.patch, d/p/openjdk-ppc64el-S8170153.patch: Improve StrictMath performance on ppc64el. LP: #1646927. * d/p/jdk-841269-filechooser.patch: Fix FileChooser behavior when displaying links to non-existant files. Closes: #841269. * Refreshed various patches. -- Matthias Klose Mon, 23 Jan 2017 11:03:55 +0100 openjdk-8 (8u111-b14-3) unstable; urgency=high [ Tiago Stürmer Daitx ] * Remove cacao references, updated jtreg tests to use agentvm and auto concurrency. * Run the jtreg tests on autopkg testing. -- Matthias Klose Wed, 02 Nov 2016 20:05:41 +0100 openjdk-8 (8u111-b14-2) unstable; urgency=high * Apply the kfreebsd patches conditionally. -- Matthias Klose Wed, 19 Oct 2016 21:26:28 +0200 openjdk-8 (8u111-b14-1) unstable; urgency=high * Update to 8u111-b14, including security fixes. - CVE-2016-5568, S8158993: Service Menu services. - CVE-2016-5582, S8160591: Improve internal array handling. - CVE-2016-5573, S8159519: Reformat JDWP messages. - CVE-2016-5597, S8160838: Better HTTP service. - CVE-2016-5554, S8157739: Classloader Consistency Checking. - CVE-2016-5542, S8155973: Tighten jar checks. * Enable hotspot builds for sparc64. Closes: #835973. -- Matthias Klose Wed, 19 Oct 2016 19:02:13 +0200 openjdk-8 (8u102-b14.1-2) unstable; urgency=medium * Fix build failure with GCC 6. Closes: #811694. * Fix JamVM, lacking JVM_GetResourceLookupCacheURLs (Xerxes Rånby). Closes: #826206. * Explicitly build using GCC 6. -- Matthias Klose Sat, 06 Aug 2016 10:12:09 +0200 openjdk-8 (8u102-b14.1-1) unstable; urgency=medium * Use the 8u101 tarballs instead of the 8u102 tarballs (inventing a fake version number). -- Matthias Klose Mon, 01 Aug 2016 16:31:18 +0200 openjdk-8 (8u102-b14-2) unstable; urgency=medium * Update AArch64 and KFreeBSD patches. -- Matthias Klose Tue, 26 Jul 2016 13:00:12 +0200 openjdk-8 (8u102-b14-1) unstable; urgency=medium * Update to 8u101-b14, including security fixes: * IIOP Input Stream Hooking. CVE-2016-3458: defaultReadObject is not forbidden in readObject in subclasses of InputStreamHook which provides leverage to deserialize malicious objects if a reference to the input stream can be obtained separately. * Complete name checking. S8148872, CVE-2016-3500: In some cases raw names in XML data are not checked for length limits allowing for DoS attacks. * Better delineation of XML processing. S8149962, CVE-2016-3508: Denial of service measures do not take newline characters into account. This can be used to conduct attacks like the billion laughs DoS. * Coded byte streams. S8152479, CVE-2016-3550: A fuzzed class file triggers an integer overflow in array access. * Clean up lookup visibility. S8154475, CVE-2016-3587: A fast path change allowed access to MH.invokeBasic via the public lookup object. MH.iB does not do full type checking which can be used to create type confusion. * Bolster bytecode verification. S8155981, CVE-2016-3606: The bytecode verifier checks that any classes' method calls super. before returning. There is a way to bypass this requirement which allows creating subclasses of classes that are not intended to be extended. * Persistent Parameter Processing. S8155985, CVE-2016-3598: TOCTOU issue with types List passed into dropArguments() which can be used to cause type confusion. * Additional method handle validation. S8158571, CVE-2016-3610: MHs.filterReturnValue does not check the filter parameter list size. The single expected parameter is put in the last parameter position for the filter MH allowing for type confusion. * Enforce GCM limits. S8146514: In GCM the counter should not be allowed to wrap (per the spec), since that plus exposing the encrypted data could lead to leaking information. * Construction of static protection domains. S8147771: SubjectDomainCombiner does not honor the staticPermission field and will create ProtectionDomains that vary with the system policy which may allow unexpected permission sets. * Share Class Data. S8150752: Additional verification of AppCDS archives is required to prevent an attacker from creating a type confusion situation. * Enforce update ordering. S8149070: If the GCM methods update() and updateAAD() are used out of order, the security of the system can be weakened and an exception should be thrown to warn the developer. * Constrain AppCDS behavior. S8153312: AppCDS does not create classloader constraints upon reloading classes which could allow class spoofing under some circumstances. -- Matthias Klose Fri, 24 Jun 2016 14:49:34 +0200 openjdk-8 (8u91-b14-3) unstable; urgency=medium * Fix an issue with libatk-wrapper (Samuel Thibault). Closes: #827795. * Update the KFreeBSD support patch (Steven Chamberlain). Closes: #825514. * debian/patches/hotspot-JDK-8158260-ppc64el.patch: JDK-8158260, PPC64: unaligned Unsafe.getInt can lead to the generation of illegal instructions (Tiago Stürmer Daitx). LP: #1594393. -- Matthias Klose Fri, 24 Jun 2016 14:49:34 +0200 openjdk-8 (8u91-b14-2ubuntu1) yakkety; urgency=medium * Disable the atk bridge again on Ubuntu yakkety (failing TCK tests). -- Matthias Klose Mon, 25 Apr 2016 17:44:32 +0200 openjdk-8 (8u91-b14-2) unstable; urgency=medium * Set initial VMThreadStackSize to 1600 on s390x. -- Matthias Klose Fri, 22 Apr 2016 23:21:34 +0200 openjdk-8 (8u91-b14-1) unstable; urgency=high * Drop unused g++-4.9 build dependency. -- Matthias Klose Thu, 21 Apr 2016 17:03:22 +0200 openjdk-8 (8u91-b14-0ubuntu4) xenial; urgency=medium * Update to 8u91-b14. - Addresses CVE-2016-0686 (S8129952), CVE-2016-0687 (S8132051), CVE-2016-3427 (S8144430), CVE-2016-0695 (S8138593), CVE-2016-3425 (S8143167), CVE-2016-3426 (S8143945). * Backport parts of 8132051 and 6926048 to fix the zero builds. * Add a versioned break to the oracle-java8-installer package. The package inflates the priority of the java alternatives again. See https://lists.ubuntu.com/archives/ubuntu-devel/2016-April/039324.html. -- Matthias Klose Thu, 21 Apr 2016 16:25:37 +0200 openjdk-8 (8u77-b03-3ubuntu4) xenial; urgency=medium * Fix setting the update version (77). LP: #1550244. * Really re-enable running the tests. -- Matthias Klose Wed, 20 Apr 2016 11:28:13 +0200 openjdk-8 (8u77-b03-3ubuntu3) xenial; urgency=medium * Build-depend on jtreg again, run the tests during the build. -- Matthias Klose Wed, 13 Apr 2016 19:17:37 +0200 openjdk-8 (8u77-b03-3ubuntu2) xenial; urgency=medium * Fix stripping the libjvm.so files. -- Matthias Klose Wed, 06 Apr 2016 13:41:39 +0200 openjdk-8 (8u77-b03-3ubuntu1) xenial; urgency=medium * Regenerate the control file. -- Matthias Klose Fri, 01 Apr 2016 20:40:42 +0200 openjdk-8 (8u77-b03-3) unstable; urgency=medium * Configure with --with-milestone and --with-user-release-suffix. * Fix binary-indep only build. Closes: #819618. -- Matthias Klose Fri, 01 Apr 2016 18:31:13 +0200 openjdk-8 (8u77-b03-2) unstable; urgency=medium * Don't configure with --disable-precompiled-headers on arm64. -- Matthias Klose Thu, 31 Mar 2016 01:12:20 +0200 openjdk-8 (8u77-b03-1) unstable; urgency=medium * Update to 8u77-b03. - Addresses CVE-2016-0636: Improve MethodHandle consistency. * Build-depend on openjdk-8-jdk-headless . * Disable the atk bridge again on Ubuntu xenial (failing TCK tests). * Use versioned Build-Depends on autoconf (>= 2.69). Closes: #818626. * Stop providing java-runtime, java-runtine-headless, java-compiler. Closes: #815475. * Fix logic for libgnome/libgconf recommendations. Closes: #813943. -- Matthias Klose Wed, 30 Mar 2016 00:10:38 +0200 openjdk-8 (8u72-b15-4) unstable; urgency=medium * Regenerate the control file. [ Aurelian Jarno ] * Reapply patch to fix jamvm on mips*, lost in version 8u72-b15-1. * Build jamvm again on mips and mipsel. * Build with GCC 5 on mips*. -- Matthias Klose Thu, 25 Feb 2016 14:20:49 +0100 openjdk-8 (8u72-b15-3) unstable; urgency=medium * Split out an openjdk-8-jdk-headless package. * Don't run the tests on Ubuntu xenial (openjdk-8 now in main, jtreg in universe). * Recognize -dcevm as a jvm. Closes: #814421. * Update libgconf/libgnome jre recommendations. Closes: #813943. * Update package reference in README. Closes: #814605. * Add french translation for policytool desktop file. Addresses: #813851. * Install app icons again. -- Matthias Klose Thu, 25 Feb 2016 12:04:29 +0100 openjdk-8 (8u72-b15-2) unstable; urgency=medium * Bump the priority for OpenJDK 8 as the default. * Stop building jamvm on mips and mipsel, fails to build. -- Matthias Klose Fri, 05 Feb 2016 17:31:08 +0100 openjdk-8 (8u72-b15-1) unstable; urgency=medium * Update to 8u72-b15. - Addresses CVE-2016-0483 (8139017), CVE-2016-0494 (8140543), CVE-2015-8126 (8143941), CVE-2016-0475 (8138589), CVE-2016-0402 (8059054), CVE-2016-0466 (8133962), CVE-2016-0448 (8130710), CVE-2015-7575 (8144773). * Apply proposed patch for JDK-8141491: Unaligned memory access in Bits.c. * Fix zero on m68k, introduced by 8046246 (patch suggested by Michael Karcher). -- Matthias Klose Fri, 22 Jan 2016 11:03:19 +0100 openjdk-8 (8u72-b05-5) unstable; urgency=medium * Fix applying patches on arm64. * Hack around the split KFreeBSD personality. -- Matthias Klose Tue, 15 Dec 2015 07:49:25 +0100 openjdk-8 (8u72-b05-4) unstable; urgency=medium * openjdk-8-jdk: Fix typo in sdk provides. Addresses: #803150. * Fix cross builds. * Build again using GCC 4.9 on mips*, fails to build with GCC 5. -- Matthias Klose Mon, 14 Dec 2015 21:54:43 +0100 openjdk-8 (8u72-b05-3) unstable; urgency=medium * Fix stripping packages (use bash instead of expr substring, Roderich Schupp). Closes: #806421. * Fix StackOverflowError on Zero JVM initialization on non x86 platforms, when built with GCC 5. * Build with GCC 5 everywhere. * Build using giflib 5. -- Matthias Klose Mon, 30 Nov 2015 06:22:36 +0100 openjdk-8 (8u72-b05-2) unstable; urgency=medium * Update configury for sparc64 (Steven Chamberlain). Closes: #806202. -- Matthias Klose Thu, 26 Nov 2015 21:34:53 +0100 openjdk-8 (8u72-b05-1) unstable; urgency=medium * Update to 8u72-b05. * Strip packages again, Debian infrastruction is fixed. Closes: #775760. -- Matthias Klose Sat, 31 Oct 2015 02:40:57 +0100 openjdk-8 (8u66-b17-1) unstable; urgency=high * Update to 8u66-b17. * Security fixes: - S8048030, CVE-2015-4734: Expectations should be consistent - S8068842, CVE-2015-4803: Better JAXP data handling - S8076339, CVE-2015-4903: Better handling of remote object invocation - S8076383, CVE-2015-4835: Better CORBA exception handling - S8076387, CVE-2015-4882: Better CORBA value handling - S8076392, CVE-2015-4881: Improve IIOPInputStream consistency - S8076413, CVE-2015-4883: Better JRMP message handling - S8078427, CVE-2015-4842: More supportive home environment - S8078440: Safer managed types - S8080541: More direct property handling - S8080688, CVE-2015-4860: Service for DGC services - S8081744, CVE-2015-4868: Clear out list corner case - S8081760: Better group dynamics - S8086092. CVE-2015-4840: More palette improvements - S8086733, CVE-2015-4893: Improve namespace handling - S8087350: Improve array conversions - S8103671, CVE-2015-4805: More objective stream classes - S8103675: Better Binary searches - S8129611: Accessbridge error handling improvement - S8130078, CVE-2015-4911: Document better processing - S8130185: More accessible access switch - S8130193, CVE-2015-4806: Improve HTTP connections - S8130864: Better server identity handling - S8130891, CVE-2015-4843: (bf) More direct buffering - S8131291, CVE-2015-4872: Perfect parameter patterning - S8132042, CVE-2015-4844: Preserve layout presentation * Strip packages again, Debian infrastruction is fixed. Closes: #775760. -- Matthias Klose Wed, 21 Oct 2015 22:48:28 +0200 openjdk-8 (8u66-b01-6) unstable; urgency=medium * Fix pulseaudio build on KFreeBSD. -- Matthias Klose Thu, 15 Oct 2015 02:07:13 +0200 openjdk-8 (8u66-b01-5) unstable; urgency=medium * Backport the proposed patch for 8036767, renaming the architecture on ppc64el from ppc64 to ppc64le. * JDK-8073139: PPC64: User-visible arch directory and os.arch value on ppc64le cause issues with Java tooling (Tiago Stürmer Daitx). -- Matthias Klose Thu, 08 Oct 2015 08:03:51 +0200 openjdk-8 (8u66-b01-4) unstable; urgency=medium * Update KFreeBSD patches (Steven Chamberlain). Closes: #761067. * Really fix preprocessor defines for alpha and sh4. * Re-enable the partial stripping for the jre packages. * openjdk-jre-headless: Directly depend on libfontconfig1. Closes: #793210. -- Matthias Klose Sun, 13 Sep 2015 13:04:03 +0200 openjdk-8 (8u66-b01-3) unstable; urgency=medium * Build using GCC 4.9 for zero ports. -- Matthias Klose Sat, 05 Sep 2015 16:06:38 +0200 openjdk-8 (8u66-b01-2) unstable; urgency=medium * Fix installing the openjdk.desktop file when cautious-launch is available. LP: #1448548. * Define _alpha_ / _sh_ preprocessor macros instead of alpha / sh. * Fix jdk gensrc build on x32. * Re-enable the atk bridge for releases with a fixed atk bridge. * Really apply the 32bit detection patch. Closes: #787072. * Make derivatives builds the same as the parent distro. Closes: #797665. * Add m68k support for Zero (Andreas Schwab). * Sort the enums and the annotations in the package-tree.html files. -- Matthias Klose Fri, 04 Sep 2015 18:49:13 +0200 openjdk-8 (8u66-b01-1) unstable; urgency=medium * Update to 8u66-b01. * Fix jdk build on x32. -- Matthias Klose Mon, 27 Jul 2015 13:46:58 +0200 openjdk-8 (8u60~b22-1) unstable; urgency=medium * Update to 8u60-b22. * Don't use solaris compiler flags for linux sparc builds. Closes: #790370. -- Matthias Klose Mon, 22 Jun 2015 22:15:22 +0200 openjdk-8 (8u45-b14-4) unstable; urgency=medium * Fix 32bit detection for the build jdk; try to build again for mips and mipsel (James Cowgill). Closes: #787072. * Fix 8074312, enable hotspot builds on 4.x Linux kernels. Closes: #786417. * openjdk-jre-headless: Add dependency on the package containing the mountpoint binary. Closes: #787106. -- Matthias Klose Mon, 22 Jun 2015 22:15:22 +0200 openjdk-8 (8u45-b14-3) unstable; urgency=medium * Stop building for mips and mipsel. Addresses #785051. * jdk: Fix freeNativeStringArray declaration. Closes: #785530. -- Matthias Klose Sun, 17 May 2015 16:13:11 +0200 openjdk-8 (8u45-b14-2) unstable; urgency=medium * Fix JamVM with 8u45. Closes: #766284. -- Matthias Klose Sun, 10 May 2015 19:28:41 +0200 openjdk-8 (8u45-b14-1) unstable; urgency=medium * Update to 8u45-b14. * Update AArch64 to (post) 8u45-b14. * Make libnss3-dev installable on precise (Thorsten Glaser). LP: #1411630. * Only install the openjdk-java.desktop file when using cautious-launcher. -- Matthias Klose Sun, 19 Apr 2015 16:31:44 +0200 openjdk-8 (8u40-b27-1) unstable; urgency=medium * Update to 8u40-b27. * Update AArch64 to (post) 8u40-b25. * Fix libjavajpeg build using the system jpeg library. Closes: #760926. -- Matthias Klose Tue, 17 Mar 2015 01:19:45 +0100 openjdk-8 (8u40~b22-1ubuntu1) vivid; urgency=medium * Update AArch64 to 8u40-b22. * Update the alpha float patch. * Fix JDK-8067330, ZERO_ARCHDEF incorrectly defined for PPC/PPC64 architectures. * Fix JDK-8067331, Zero: Atomic::xchg and Atomic::xchg_ptr need full memory barrier. * Build using OpenJDK-8. -- Matthias Klose Tue, 27 Jan 2015 14:59:00 +0100 openjdk-8 (8u40~b22-1) unstable; urgency=medium * Update to 8u40-b22. * Fix build on mips64 and mips64el. Closes: #776295. * Don't strip libjvm.so to prevent rejection by ftp-master (work around, but no fix in the archive). Addresses: #775760. * Fix jamvm to work with recent security updates. Closes: #766284. -- Matthias Klose Mon, 26 Jan 2015 16:59:37 +0100 openjdk-8 (8u40~b21-1) unstable; urgency=medium * Update to 8u40-b21. -- Matthias Klose Thu, 15 Jan 2015 12:14:18 +0100 openjdk-8 (8u40~b10-1) unstable; urgency=medium * Fix libjpeg runtime dependency. -- Matthias Klose Thu, 16 Oct 2014 08:38:13 +0200 openjdk-8 (8u40~b09-1) unstable; urgency=medium * Update to 8u40-b09. * Update the AArch64 hotspot to 8u40-b09. * Allow to build for Ubuntu 12.04 LTS. * Change B-D to libjpeg-dev to finish the transition to libjpeg-turbo (Ondřej Surý). Closes: #763490. * Backport the fix for 8017773 OpenJDK returns incorrect TrueType font metrics. Closes: #762323. * Depend on libnss3 instead of libnss3-1d for recent releases. Addresses: #760122. -- Matthias Klose Tue, 14 Oct 2014 12:39:18 +0200 openjdk-8 (8u40~b04-2) unstable; urgency=medium * Remove AArch64 patch applied upstream. * Update the kfresbsd jdk patch, still not forwarded upstream. -- Matthias Klose Tue, 09 Sep 2014 17:08:32 +0200 openjdk-8 (8u40~b04-1) experimental; urgency=medium * Update to 8u40-b04. * Backport 8050942, implement template interpreter for ppc64le. * Build-depend on systemtap-sdt-dev. -- Matthias Klose Wed, 03 Sep 2014 21:11:27 +0200 openjdk-8 (8u20-b26-1) experimental; urgency=medium * 8u20 build 26 is the final 8u20 release. * Update the AArch64 hotspot. * Fix applying the kfreebsd patch for JamVM. * x32 build fixes. * Allow openjdk-8-jdk as an alternative build dependency. * Adjust timeouts for jtreg runs. -- Matthias Klose Wed, 20 Aug 2014 10:34:55 +0200 openjdk-8 (8u20~b26-1) experimental; urgency=medium * Update to 8u20-b26. * Update to JamVM 2.0.0. * Update to IcedTea-Sound 1.0.1. * Update toplevel configury to recognize zero archs alpha, mips*, m68k, sh4. * Update kfreebsd-support patches (Steven Chamberlain). * Fix an uninitialized memory issue in adlc (Fridrich Strba). * Move libjavagtk into the -jre package. * Use the system libpcsclite library. * Fix typo, ignoring boot cycle builds (Emmanuel Bourg). * Derive the update version and the build number from the package version (Emmanuel Bourg). * Call quilt with --quiltrc -. Closes: #755710. * openjdk-8-jdk: Fix src.zip symlink. Closes: #755869. -- Matthias Klose Thu, 31 Jul 2014 19:51:35 +0200 openjdk-8 (8u20~b20-2) experimental; urgency=medium * Work around OpenJDK's build system which is not robust enough to accept commas in *FLAGS. * Pass extra flags for non-hotspot builds. * Fix the zero build on i386. * Don't add extra symlinks for the jni_{md,jawt}.h header files. -- Matthias Klose Fri, 11 Jul 2014 20:30:54 +0200 openjdk-8 (8u20~b20-1) experimental; urgency=medium * Initial OpenJDK 8 packaging, based on 8u20-b20. * Fix hotspot build system for GNU make 4.0 (Emmanuel Bourg). * Drop rhino (build) dependencies (Emmanuel Bourg). * Add java8 provides (Emmanuel Bourg). * Add IcedTea patches to build with external jpeg, png and lcms libraries (Emmanuel Bourg). * Add keywords to the desktop files (Emmanuel Bourg). * Remove the suggested dependency on sun-java6-fonts ((Emmanuel Bourg). * Build hotspot on ppc64 and ppc64el. * Add the IcedTea Sound tarball. * Don't strip files when building the images. * Update patches to pass the extra flags to the libsig and libsaproc builds. * Use dh_strip's knowledge about build ids when available. -- Matthias Klose Wed, 09 Jul 2014 20:11:18 +0200 openjdk-7 (7u55-2.4.7-2) unstable; urgency=medium * Fix the quoting of configure flags for the zero build. * Update the java-access-bridge-security patch (Raphael Geissert). * Don't hard code the compiler names in the AArch64 hotspot build. * Build using GCC 4.9 where available. * Add MIPS64(el) support (Yunqiang Su). Closes: #746207. * Suggest fonts-indic instead of ttf-indic-fonts. Closes: #747694. -- Matthias Klose Fri, 16 May 2014 19:12:42 +0200 openjdk-7 (7u55-2.4.7-1) unstable; urgency=high * IcedTea7 2.4.7 release. * Security fixes - S8023046: Enhance splashscreen support. - S8025005: Enhance CORBA initializations. - S8025010, CVE-2014-2412: Enhance AWT contexts. - S8025030, CVE-2014-2414: Enhance stream handling. - S8025152, CVE-2014-0458: Enhance activation set up. - S8026067: Enhance signed jar verification. - S8026163, CVE-2014-2427: Enhance media provisioning. - S8026188, CVE-2014-2423: Enhance envelope factory. - S8026200: Enhance RowSet Factory. - S8026716, CVE-2014-2402: (aio) Enhance asynchronous channel handling. - S8026736, CVE-2014-2398: Enhance Javadoc pages. - S8026797, CVE-2014-0451: Enhance data transfers. - S8026801, CVE-2014-0452: Enhance endpoint addressing. - S8027766, CVE-2014-0453: Enhance RSA processing. - S8027775: Enhance ICU code. - S8027841, CVE-2014-0429: Enhance pixel manipulations. - S8028385: Enhance RowSet Factory. - S8029282, CVE-2014-2403: Enhance CharInfo set up. - S8029286: Enhance subject delegation. - S8029699: Update Poller demo. - S8029730: Improve audio device additions. - S8029735: Enhance service mgmt natives. - S8029740, CVE-2014-0446: Enhance handling of loggers. - S8029745, CVE-2014-0454: Enhance algorithm checking. - S8029750: Enhance LCMS color processing (LCMS 2 only). - S8029760, CVE-2013-6629: Enhance AWT image libraries (in-tree libjpeg). - S8029844, CVE-2014-0455: Enhance argument validation. - S8029854, CVE-2014-2421: Enhance JPEG decodings. - S8029858, CVE-2014-0456: Enhance array copies. - S8030731, CVE-2014-0460: Improve name service robustness. - S8031330: Refactor ObjectFactory. - S8031335, CVE-2014-0459: Better color profiling. - S8031352, CVE-2013-6954: Enhance PNG handling (in-tree libpng). - S8031394, CVE-2014-0457: (sl) Fix exception handling in ServiceLoader. - S8031395: Enhance LDAP processing. - S8032686, CVE-2014-2413: Issues with method invoke. - S8033618, CVE-2014-1876: Correct logging output. - S8034926, CVE-2014-2397: Attribute classes properly. - S8036794, CVE-2014-0461: Manage JavaScript instances. * AArch64 fixes. -- Matthias Klose Wed, 16 Apr 2014 15:37:40 +0200 openjdk-7 (7u51-2.4.6-1) unstable; urgency=medium * IcedTea7 2.4.6 release. * Explicitly use AC_MAINTAINER_MODE and automake-1.11 to create the debian .orig tarball. Addresses: #740289. * Apply patch from upstream to fix bold fonts in Swing applications using GTK L&F (Ryan Tandy). LP: #937200. * Explicitly build-depend on libkrb5-dev. * On AArch64 don't use the hotsport backport for the zero build. -- Matthias Klose Tue, 01 Apr 2014 09:25:19 +0200 openjdk-7 (7u51-2.4.6~pre1-1) unstable; urgency=medium * IcedTea7 2.4.6 prerelease. * Fix icedtea-web build failure on kfreebsd-* (unable to find sun.security.util.SecurityConstants). Steven Chamberlain. Closes: #739032. * Update the AArch64 Hotspot. -- Matthias Klose Thu, 27 Mar 2014 17:24:45 +0100 openjdk-7 (7u51-2.4.5-2) unstable; urgency=medium * Update the KFreeBSD patch (Steven Chamberlain). Closes: #736291. -- Matthias Klose Tue, 04 Feb 2014 13:28:10 +0100 openjdk-7 (7u51-2.4.5-1) unstable; urgency=medium * IcedTea7 2.4.5 release. * Build Hotspot client and server vms for AArch64. -- Matthias Klose Fri, 31 Jan 2014 06:13:20 -0500 openjdk-7 (7u51-2.4.4-1) unstable; urgency=medium * IcedTea7 2.4.4 release. * Security fixes - S6727821: Enhance JAAS Configuration. - S7068126, CVE-2014-0373: Enhance SNMP statuses. - S8010935: Better XML handling. - S8011786, CVE-2014-0368: Better applet networking. - S8021257, S8025022, CVE-2013-5896 : com.sun.corba.se.** should be on restricted package list. - S8021271, S8021266, CVE-2014-0408: Better buffering in ObjC code. - S8022904: Enhance JDBC Parsers. - S8022927: Input validation for byte/endian conversions. - S8022935: Enhance Apache resolver classes. - S8022945: Enhance JNDI implementation classes. - S8023057: Enhance start up image display. - S8023069, CVE-2014-0411: Enhance TLS connections. - S8023245, CVE-2014-0423: Enhance Beans decoding. - S8023301: Enhance generic classes. - S8023338: Update jarsigner to encourage timestamping. - S8023672: Enhance jar file validation. - S8024302: Clarify jar verifications. - S8024306, CVE-2014-0416: Enhance Subject consistency. - S8024530: Enhance font process resilience. - S8024867: Enhance logging start up. - S8025014: Enhance Security Policy. - S8025018, CVE-2014-0376: Enhance JAX-P set up. - S8025026, CVE-2013-5878: Enhance canonicalization. - S8025034, CVE-2013-5907: Improve layout lookups. - S8025448: Enhance listening events. - S8025758, CVE-2014-0422: Enhance Naming management. - S8025767, CVE-2014-0428: Enhance IIOP Streams. - S8026172: Enhance UI Management. - S8026176: Enhance document printing. - S8026193, CVE-2013-5884: Enhance CORBA stub factories. - S8026204: Enhance auth login contexts. - S8026417, CVE-2013-5910: Enhance XML canonicalization. - S8026502: java/lang/invoke/MethodHandleConstants.java fails on all platforms. - S8027201, CVE-2014-0376: Enhance JAX-P set up. - S8029507, CVE-2013-5893: Enhance JVM method processing. - S8029533: REGRESSION: closed/java/lang/invoke/8008140/Test8008140.java fails agains. * Remove alpha from stage1_gcj_archs. * Use the langtools and jdk tarballs as provided by IcedTea. * Hotspot is dead on sparc. Build the zero interpreter as the default. * Blindly update the KF***BSD patches. -- Matthias Klose Wed, 15 Jan 2014 10:34:34 +0100 openjdk-7 (7u45-2.4.3-5) unstable; urgency=medium * Run the jtreg tests on powerpcspe, tested by Roland Stigge. * Fix zero builds on 64k page kernel configs. * Fix more IcedTea bits to build on x32. -- Matthias Klose Sat, 11 Jan 2014 13:55:34 +0100 openjdk-7 (7u45-2.4.3-4) unstable; urgency=low * Re-enable running the testsuite on powerpc. * Run the testsuite on AArch64. * Fix IcedTea bits to build on x32. -- Matthias Klose Sun, 22 Dec 2013 21:20:10 +0100 openjdk-7 (7u45-2.4.3-3) unstable; urgency=low * Don't build on s390 anymore. * Update hotspot-mips-align patch (Aurelien Jarno). Closes: #732528). * Build for ppc64el. * Try to build zero on x32. * Configure with --enable-zero on sparc and sparc64. -- Matthias Klose Fri, 20 Dec 2013 14:42:38 +0100 openjdk-7 (7u45-2.4.3-2.3) unstable; urgency=medium * Disable bootstrap build on alpha. Closes: #719671. * Disable running the jdk jtreg tests on the hotspot architectures. Hanging on the buildds. * Re-enable the jexec patch, program logic confused by running jexec outside the assumed java home. Closes: #731961. * Don't apply the s390 patches on s390x. s390 is successfully dead. * Fix zero builds on little endian architectures, taken from the trunk. -- Matthias Klose Thu, 12 Dec 2013 18:24:44 +0100 openjdk-7 (7u45-2.4.3-1) unstable; urgency=medium * IcedTea7 2.4.3 release. * Security fixes: - S8006900, CVE-2013-3829: Add new date/time capability. - S8008589: Better MBean permission validation. - S8011071, CVE-2013-5780: Better crypto provider handling. - S8011081, CVE-2013-5772: Improve jhat. - S8011157, CVE-2013-5814: Improve CORBA portablility. - S8012071, CVE-2013-5790: Better Building of Beans. - S8012147: Improve tool support. - S8012277: CVE-2013-5849: Improve AWT DataFlavor. - S8012425, CVE-2013-5802: Transform TransformerFactory. - S8013503, CVE-2013-5851: Improve stream factories. - S8013506: Better Pack200 data handling. - S8013510, CVE-2013-5809: Augment image writing code. - S8013514: Improve stability of cmap class. - S8013739, CVE-2013-5817: Better LDAP resource management. - S8013744, CVE-2013-5783: Better tabling for AWT. - S8014085: Better serialization support in JMX classes. - S8014093, CVE-2013-5782: Improve parsing of images. - S8014098: Better profile validation. - S8014102, CVE-2013-5778: Improve image conversion. - S8014341, CVE-2013-5803: Better service from Kerberos servers. - S8014349, CVE-2013-5840: (cl) Class.getDeclaredClass problematic in some class loader configurations. - S8014530, CVE-2013-5825: Better digital signature processing. - S8014534: Better profiling support. - S8014987, CVE-2013-5842: Augment serialization handling. - S8015614: Update build settings. - S8015731: Subject java.security.auth.subject to improvements. - S8015743, CVE-2013-5774: Address internet addresses. - S8016256: Make finalization final. - S8016653, CVE-2013-5804: javadoc should ignore ignoreable characters in names. - S8016675, CVE-2013-5797: Make Javadoc pages more robust. - S8017196, CVE-2013-5850: Ensure Proxies are handled appropriately. - S8017287, CVE-2013-5829: Better resource disposal. - S8017291, CVE-2013-5830: Cast Proxies Aside. - S8017298, CVE-2013-4002: Better XML support. - S8017300, CVE-2013-5784: Improve Interface Implementation. - S8017505, CVE-2013-5820: Better Client Service. - S8019292: Better Attribute Value Exceptions. - S8019617: Better view of objects. - S8020293: JVM crash. - S8021275, CVE-2013-5805: Better screening for ScreenMenu. - S8021282, CVE-2013-5806: Better recycling of object instances. - S8021286: Improve MacOS resourcing. - S8021290, CVE-2013-5823: Better signature validation. - S8022931, CVE-2013-5800: Enhance Kerberos exceptions. - S8022940: Enhance CORBA translations. - S8023683: Enhance class file parsing. * Fix build failure on mips* (Aurelien Jarno). Closes: #729448). * Run autoreconf. Closes: #724083. * Merge the -jre-lib package into -jre-headless. Simplifies the packaging and the savings were not as big as wanted, because the rt.jar is still architecture dependant. Closes: #641049, #722510. -- Matthias Klose Sun, 08 Dec 2013 23:22:06 +0100 openjdk-7 (7u25-2.3.12-4ubuntu3) saucy; urgency=low * Apply missing patch to fix arm64/AArch64 detection. -- Matthias Klose Fri, 11 Oct 2013 17:51:33 +0200 openjdk-7 (7u25-2.3.12-4ubuntu2) saucy; urgency=low * openjdk-jre-headless: Loosen the dependency on -jre-lib. -- Matthias Klose Wed, 09 Oct 2013 16:29:15 +0200 openjdk-7 (7u25-2.3.12-4ubuntu1) saucy; urgency=low * Regenerate the control file. -- Matthias Klose Fri, 16 Aug 2013 12:09:47 +0200 openjdk-7 (7u25-2.3.12-4) unstable; urgency=low * Add the hotspot patches for AArch64, which apparently were not included in the IcedTea release by intent. * Don't interpret arm64 as an ARM architecture, but as AArch64. So much for Debian calling this port arm64 ... * Use host macros instead of build macros for corba and hotspot config. * Re-add multiarch library directories to the default library path. Closes: #712567. * Enable the two-stage build on alpha. Closes: #719671. * Build for powerpcspe (Roland Stigge). Closes: #712686. * Recommend fonts-dejavu-extra instead of ttf-dejavu-extra for current releases. Closes: #718839. -- Matthias Klose Thu, 15 Aug 2013 21:26:51 +0200 openjdk-7 (7u25-2.3.12-3) unstable; urgency=low * Fix kFreeBSD builds (Thanks to Christoph Egger for his help). -- Damien Raude-Morvan Mon, 12 Aug 2013 00:39:41 +0200 openjdk-7 (7u25-2.3.12-2) unstable; urgency=low [ Matthias Klose ] * Regenerate the hotspot-s390 patch. [ Damien Raude-Morvan ] * Update kfreebsd patches. -- Matthias Klose Sat, 03 Aug 2013 20:22:41 +0200 openjdk-7 (7u25-2.3.12-1) unstable; urgency=low * IcedTea7 2.3.12 release. * Don't build with pulseaudio on arm64. * Disable bootstraped build on s390 and sparc. -- Matthias Klose Fri, 02 Aug 2013 15:55:01 +0200 openjdk-7 (7u25-2.3.10-2ubuntu1) saucy; urgency=low * Regenerate the control file. -- Matthias Klose Mon, 15 Jul 2013 23:59:45 +0200 openjdk-7 (7u25-2.3.10-2) unstable; urgency=low [ Matthias Klose ] * Fix gcj-jdk build dependency on ia64 and s390. * Build zero on arm64. [ Gianfranco Costamagna ] * Fix build failure on kfreebsd (Closes: #714528) -- Matthias Klose Sun, 30 Jun 2013 17:12:28 +0200 openjdk-7 (7u25-2.3.10-1) unstable; urgency=high * IcedTea7 2.3.10 release. * Security fixes * S6741606, CVE-2013-2407: Integrate Apache Santuario. * S7158805, CVE-2013-2445: Better rewriting of nested subroutine calls. * S7170730, CVE-2013-2451: Improve Windows network stack support. * S8000638, CVE-2013-2450: Improve deserialization. * S8000642, CVE-2013-2446: Better handling of objects for transportation. * S8001032: Restrict object access. * S8001033, CVE-2013-2452: Refactor network address handling in virtual machine identifiers. * S8001034, CVE-2013-1500: Memory management improvements. * S8001038, CVE-2013-2444: Resourcefully handle resources. * S8001043: Clarify definition restrictions. * S8001308: Update display of applet windows. * S8001309: Better handling of annotation interfaces. * S8001318, CVE-2013-2447: Socket.getLocalAddress not consistent with InetAddress.getLocalHost. * S8001330, CVE-2013-2443: Improve on checking order (non-Zero builds only). * S8003703, CVE-2013-2412: Update RMI connection dialog box. * S8004288, CVE-2013-2449: (fs) Files.probeContentType problems. * S8004584: Augment applet contextualization. * S8005007: Better glyph processing. * S8006328, CVE-2013-2448: Improve robustness of sound classes. * S8006611: Improve scripting. * S8007467: Improve robustness of JMX internal APIs. * S8007471: Improve MBean notifications. * S8007812, CVE-2013-2455: (reflect) Class.getEnclosingMethod problematic for some classes. * S8007925: Improve cmsStageAllocLabV2ToV4curves. * S8007926: Improve cmsPipelineDup. * S8007927: Improve cmsAllocProfileSequenceDescription. * S8007929: Improve CurvesAlloc. * S8008120, CVE-2013-2457: Improve JMX class checking. * S8008124, CVE-2013-2453: Better compliance testing. * S8008128: Better API coherence for JMX. * S8008132, CVE-2013-2456: Better serialization support. * S8008585: Better JMX data handling. * S8008593: Better URLClassLoader resource management. * S8008603: Improve provision of JMX providers. * S8008607: Better input checking in JMX. * S8008611: Better handling of annotations in JMX. * S8008615: Improve robustness of JMX internal APIs. * S8008623: Better handling of MBeanServers. * S8008744, CVE-2013-2407: Rework part of fix for JDK-6741606. * S8008982: Adjust JMX for underlying interface changes. * S8009004: Better implementation of RMI connections. * S8009008: Better manage management-api. * S8009013: Better handling of T2K glyphs. * S8009034: Improve resulting notifications in JMX. * S8009038: Improve JMX notification support. * S8009057, CVE-2013-2448: Improve MIDI event handling. * S8009067: Improve storing keys in KeyStore. * S8009071, CVE-2013-2459: Improve shape handling. * S8009235: Improve handling of TSA data. * S8009424, CVE-2013-2458: Adapt Nashorn to JSR-292 implementation change. * S8009554, CVE-2013-2454: Improve SerialJavaObject.getFields. * S8009654: Improve stability of cmsnamed. * S8010209, CVE-2013-2460: Better provision of factories. * S8011243, CVE-2013-2470: Improve ImagingLib. * S8011248, CVE-2013-2471: Better Component Rasters. * S8011253, CVE-2013-2472: Better Short Component Rasters. * S8011257, CVE-2013-2473: Better Byte Component Rasters. * S8012375, CVE-2013-1571: Improve Javadoc framing. * S8012421: Better positioning of PairPositioning. * S8012438, CVE-2013-2463: Better image validation. * S8012597, CVE-2013-2465: Better image channel verification. * S8012601, CVE-2013-2469: Better validation of image layouts. * S8014281, CVE-2013-2461: Better checking of XML signature. * S8015997: Additional improvement in Javadoc framing. * Breaks icedtea-netx (<< 1.4-2). -- Matthias Klose Fri, 28 Jun 2013 16:55:32 +0200 openjdk-7 (7u21-2.3.9-5) unstable; urgency=low * Update kFreeBSD support (Guido Guenther). Closes: #708818. * Stop building the transitional cacao package for sid. -- Matthias Klose Sat, 18 May 2013 20:13:33 +0200 openjdk-7 (7u21-2.3.9-4) unstable; urgency=high * Build the transitional cacao package for sid as well. Apparently some buildds are not updated to list wheezy as the code name for the current distribution. -- Matthias Klose Thu, 02 May 2013 03:27:44 +0200 openjdk-7 (7u21-2.3.9-3) unstable; urgency=high * Disable the cacao build again, causing build failures on i386 and s390. * Build a transitional cacao jre package instead. -- Matthias Klose Tue, 30 Apr 2013 00:27:05 +0200 openjdk-7 (7u21-2.3.9-2) unstable; urgency=high * On ia64, use gcj-4.7 for the bootstrap build. * Drop the cacao jre from recommends to suggests. * Re-enable cacao, was enabled in the 2.1.x series. -- Matthias Klose Sat, 27 Apr 2013 01:17:16 +0200 openjdk-7 (7u21-2.3.9-1) unstable; urgency=high * IcedTea7 2.3.9 release. * Security fixes: - S6657673, CVE-2013-1518: Issues with JAXP. - S7200507: Refactor Introspector internals. - S8000724, CVE-2013-2417: Improve networking serialization. - S8001031, CVE-2013-2419: Better font processing. - S8001040, CVE-2013-1537: Rework RMI model. - S8001322: Refactor deserialization. - S8001329, CVE-2013-1557: Augment RMI logging. - S8003335: Better handling of Finalizer thread. - S8003445: Adjust JAX-WS to focus on API. - S8003543, CVE-2013-2415: Improve processing of MTOM attachments. - S8004261: Improve input validation. - S8004336, CVE-2013-2431: Better handling of method handle intrinsic frames. - S8004986, CVE-2013-2383: Better handling of glyph table. - S8004987, CVE-2013-2384: Improve font layout. - S8004994, CVE-2013-1569: Improve checking of glyph table. - S8005432: Update access to JAX-WS. - S8005943: (process) Improved Runtime.exec. - S8006309: More reliable control panel operation. - S8006435, CVE-2013-2424: Improvements in JMX. - S8006790: Improve checking for windows. - S8006795: Improve font warning messages. - S8007406: Improve accessibility of AccessBridge. - S8007617, CVE-2013-2420: Better validation of images. - S8007667, CVE-2013-2430: Better image reading. - S8007918, CVE-2013-2429: Better image writing. - S8008140: Better method handle resolution. - S8009049, CVE-2013-2436: Better method handle binding. - S8009063, CVE-2013-2426: Improve reliability of ConcurrentHashMap. - S8009305, CVE-2013-0401: Improve AWT data transfer. - S8009677, CVE-2013-2423: Better setting of setters. - S8009699, CVE-2013-2421: Methodhandle lookup. - S8009814, CVE-2013-1488: Better driver management. - S8009857, CVE-2013-2422: Problem with plugin. * Backports: - S7130662: GTK file dialog crashes with a NPE. * Bug fixes - PR1363: Fedora 19 / rawhide FTBFS SIGILL. - PR1401: Fix Zero build on 2.3.8. - Fix offset problem in ICU LETableReference. - Change -Werror fix to preserve OpenJDK default. - PR1303: Correct #ifdef to #if. - PR1404: Failure to bootstrap with ecj 4.2. -- Matthias Klose Mon, 22 Apr 2013 03:27:08 +0200 openjdk-7 (7u17-2.3.8-2) experimental; urgency=low * Remove Torsten Werner as uploader. -- Matthias Klose Mon, 01 Apr 2013 00:39:58 +0200 openjdk-7 (7u17-2.3.8-1ubuntu1) raring; urgency=low * Regenerate the control file. -- Matthias Klose Sun, 31 Mar 2013 20:10:05 +0200 openjdk-7 (7u17-2.3.8-1) experimental; urgency=low * IcedTea7 2.3.8 release. * Security fixes: - S8007014, CVE-2013-0809: Improve image handling. - S8007675, CVE-2013-1493: Improve color conversion. * Backports: - S8002344: Krb5LoginModule config class does not return proper KDC list from DNS. - S8004344: Fix a crash in ToolkitErrorHandler() in XlibWrapper.c. - S8006179: JSR292 MethodHandles lookup with interface using findVirtual(). - S8006882: Proxy generated classes in sun.proxy package breaks JMockit. * Bug fixes: - PR1303: Correct #ifdef to #if. - PR1340: Simplify the rhino class rewriter to avoid use of concurrency. - Revert 7017193 and add the missing free call, until a better fix is ready. -- Matthias Klose Sun, 31 Mar 2013 14:31:11 +0200 openjdk-7 (7u15-2.3.7-1ubuntu2) raring; urgency=low * Security fixes: - S8007014, CVE-2013-0809: Improve image handling - S8007675, CVE-2013-1493: Improve color conversion - debian/rules: updated to add 8007014.patch and 8007675.patch -- Jamie Strandboge Wed, 06 Mar 2013 14:12:03 -0600 openjdk-7 (7u15-2.3.7-1ubuntu1) raring; urgency=low * Regenerate the control file. -- Matthias Klose Wed, 20 Feb 2013 23:59:54 +0100 openjdk-7 (7u15-2.3.7-1) experimental; urgency=low * IcedTea7 2.3.7 release. * Security fixes: - S8004937, CVE-2013-1484: Improve proxy construction. - S8006439, CVE-2013-1485: Improve MethodHandles coverage. - S8006446, CVE-2013-1486: Restrict MBeanServer access. - S8006777, CVE-2013-0169: Improve TLS handling of invalid messages. - S8007688: Blacklist known bad certificate. * Backports: - S8007393: Possible race condition after JDK-6664509. - S8007611: logging behavior in applet changed. * For zero builds, use the same hotspot version as in 2.1.6. * Reenable bootstrap builds, except for alpha. * Explicitly disable building on mips/mipsel. Not supported by the Debian OpenJDK maintainers, the Debian mips porters, or the Debian Java team. -- Matthias Klose Wed, 20 Feb 2013 23:33:58 +0100 openjdk-7 (7u13-2.3.6-1) experimental; urgency=low * IcedTea7 2.3.6 release. - Disable bootstrap builds, currently broken in IcedTea. * Security fixes: - S6563318, CVE-2013-0424: RMI data sanitization. - S6664509, CVE-2013-0425: Add logging context. - S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time. - S6776941: CVE-2013-0427: Improve thread pool shutdown. - S7141694, CVE-2013-0429: Improving CORBA internals. - S7173145: Improve in-memory representation of splashscreens. - S7186945: Unpack200 improvement. - S7186946: Refine unpacker resource usage. - S7186948: Improve Swing data validation. - S7186952, CVE-2013-0432: Improve clipboard access. - S7186954: Improve connection performance. - S7186957: Improve Pack200 data validation. - S7192392, CVE-2013-0443: Better validation of client keys. - S7192393, CVE-2013-0440: Better Checking of order of TLS Messages. - S7192977, CVE-2013-0442: Issue in toolkit thread. - S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective proxies. - S7200491: Tighten up JTable layout code. - S7200500: Launcher better input validation. - S7201064: Better dialogue checking. - S7201066, CVE-2013-0441: Change modifiers on unused fields. - S7201068, CVE-2013-0435: Better handling of UI elements. - S7201070: Serialization to conform to protocol. - S7201071, CVE-2013-0433: InetSocketAddress serialization issue. - S8000210: Improve JarFile code quality. - S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class. - S8000540, CVE-2013-1475: Improve IIOP type reuse management. - S8000631, CVE-2013-1476: Restrict access to class constructor. - S8001235, CVE-2013-0434: Improve JAXP HTTP handling. - S8001242: Improve RMI HTTP conformance. - S8001307: Modify ACC_SUPER behavior. - S8001972, CVE-2013-1478: Improve image processing. - S8002325, CVE-2013-1480: Improve management of images. * Fix font suggestion for indic fonts in wheezy. * Fix fontconfig definitions for japanese and korean fonts, fixing compilation of the fontconfig file. * Add Built-Using: rhino attribute for the -lib package. * Don't use concurrent features to rewrite the rhino jar file. * Enable class data sharing for the hotspot server VM. -- Matthias Klose Tue, 12 Feb 2013 20:59:48 +0100 openjdk-7 (7u9-2.3.4-1) experimental; urgency=low * IcedTea7 2.3.4 release. * Security fixes - S8004933, CVE-2012-3174: Improve MethodHandle interaction with libraries. - S8006017, CVE-2013-0422: Improve lookup resolutions. - S8006125: Update MethodHandles library interactions. * Bug fixes - S7197906: BlockOffsetArray::power_to_cards_back() needs to handle > 32 bit shifts. - G422525: Fix building with PaX enabled kernels. [ Matthias Klose ] * Loosen OpenGL dependency. Closes: #695028. * Fix error parsing drop files parameter from pcmanfm (Alberto Fernández Martínez). Closes: #695992. [ Thorsten Glaser ] * debian/rules: Use gcj-4.6-jdk for m68k builds. * d/patches/text-relocations.patch: build with -fPIC on all archs. -- Matthias Klose Tue, 15 Jan 2013 23:38:48 +0100 openjdk-7 (7u9-2.3.3-1) experimental; urgency=low * Upload to experimental. -- Matthias Klose Wed, 17 Oct 2012 15:16:51 +0200 openjdk-7 (7u9-2.3.3-0ubuntu1) quantal-security; urgency=low * IcedTea7 2.3.3 release. * Security fixes - S6631398, CVE-2012-3216: FilePermission improved path checking. - S7093490: adjust package access in rmiregistry. - S7143535, CVE-2012-5068: ScriptEngine corrected permissions. - S7158796, CVE-2012-5070: Tighten properties checking in EnvHelp. - S7158807: Revise stack management with volatile call sites. - S7163198, CVE-2012-5076: Tightened package accessibility. - S7167656, CVE-2012-5077: Multiple Seeders are being created. - S7169884, CVE-2012-5073: LogManager checks do not work correctly for sub-types. - S7169887, CVE-2012-5074: Tightened package accessibility. - S7169888, CVE-2012-5075: Narrowing resource definitions in JMX RMI connector. - S7172522, CVE-2012-5072: Improve DomainCombiner checking. - S7186286, CVE-2012-5081: TLS implementation to better adhere to RFC. - S7189103, CVE-2012-5069: Executors needs to maintain state. - S7189490: More improvements to DomainCombiner checking. - S7189567, CVE-2012-5085: java net obselete protocol. - S7192975, CVE-2012-5071: Issue with JMX reflection. - S7195194, CVE-2012-5084: Better data validation for Swing. - S7195549, CVE-2012-5087: Better bean object persistence. - S7195917, CVE-2012-5086: XMLDecoder parsing at close-time should be improved. - S7195919, CVE-2012-5979: (sl) ServiceLoader can throw CCE without needing to create instance. - S7196190, CVE-2012-5088: Improve method of handling MethodHandles. - S7198296, CVE-2012-5089: Refactor classloader usage. - S7158800: Improve storage of symbol tables. - S7158801: Improve VM CompileOnly option. - S7158804: Improve config file parsing. - S7198606, CVE-2012-4416: Improve VM optimization. -- Matthias Klose Wed, 17 Oct 2012 13:27:47 +0200 openjdk-7 (7u7-2.3.2a-1ubuntu1) quantal; urgency=low * Build a transitional icedtea-7-jre-cacao package to ease upgrades. -- Matthias Klose Wed, 19 Sep 2012 17:42:39 +0200 openjdk-7 (7u7-2.3.2a-1) experimental; urgency=low * Upload to experimental. -- Matthias Klose Sat, 15 Sep 2012 22:20:06 +0200 openjdk-7 (7u7-2.3.2a-0ubuntu1) quantal; urgency=low * Repackage the source to drop the cacao tarball (and packaging files). * Depend again on system provided tzdata-java and restore the zi symlink on upgrade. LP: #1050404. * libgnome2-0, libgnomevfs2-0, libgconf2-4 are not prepared for multiarch. Don't depend on these so that openjdk-7 can be installed as a multiarch package. -- Matthias Klose Sat, 15 Sep 2012 17:01:12 +0200 openjdk-7 (7u7-2.3.2-1ubuntu2) quantal; urgency=low * Make the avian VM a known runtime. -- Matthias Klose Wed, 05 Sep 2012 11:58:35 +0200 openjdk-7 (7u7-2.3.2-1ubuntu1) quantal; urgency=low * Fix 32bit hotspot build, don't set maximal heap space lower than minimal heap space for the docs build. * d/p/sane-library-paths.patch, d/p/ant-diagnostics.diff, d/p/fix-race-cond-print.diff, d/p/gcc-hotspot-opt-O[02].diff, d/p/gcc-mtune-generic.diff, d/p/openjdk-6986968.diff: Remove, not used. * Remove unused shark/llvm-3.0 patches. * d/p/zero-only-use-floating-point-if-floating-poi.patch: Remove, applied upstream. * Don't explicitly build with -march=i586 on i386 architectures. * Re-apply zero-missing-headers.diff. * Disable cacao builds, needs update for 7u7. * For Ubuntu quantal, set priorities for alternatives higher than for OpenJDK 6. * Call update-alternatives when the existing priority for the alternative is lower than the current one. * Configure with --disable-downloading. * Pass -avoid-version to libtool to create a JamVM libjvm.so without SONAME version numbers to match the Hotspot Server/Client libjvm.so. LP: #850433. * Revert the following change: Move libgnome2-0, libgnomevfs2-0, libgconf2-4 from Depends of JRE package to Recommends (#661465). The proper fix is to create a -jdk-headless package, or not depending on these gnome packages at all (e.g. using XDG libraries). -- Matthias Klose Tue, 04 Sep 2012 12:08:31 +0200 openjdk-7 (7u7-2.3.2-1) experimental; urgency=low * New upstream IcedTea7 2.3.2 release. * Security fixes: - CVE-2012-4681: Reintroduce PackageAccessible checks removed in 6788531. - S7079902, CVE-2012-1711: Refine CORBA data models. - S7143606, CVE-2012-1717: File.createTempFile should be improved for temporary files created by the platform. - S7143614, CVE-2012-1716: SynthLookAndFeel stability improvement. - S7143617, CVE-2012-1713: Improve fontmanager layout lookup operations. - S7143851, CVE-2012-1719: Improve IIOP stub and tie generation in RMIC. - S7143872, CVE-2012-1718: Improve certificate extension processing. - S7152811, CVE-2012-1723: Issues in client compiler. - S7157609, CVE-2012-1724: Issues with loop. - S7160757, CVE-2012-1725: Problem with hotspot/runtime_classfile. - S7165628, CVE-2012-1726: Issues with java.lang.invoke.MethodHandles.Lookup. * Bump version to 7u7 (OpenJDK), 2.3.2 (IcedTea). Closes: #685276. * d/p/icedtea7-forest-jdk_7104625-XEvent_wrap_logging_calls_with_if.patch, d/p/hotspot-sparc.diff: Remove, integrated upstream. * d/p/{deb-multiarch,fix_extra_flags,hotspot-no-werror}.diff: Add variants for hotspot and zero builds. * d/p/default-jvm-cfg.diff, d/p/icedtea-4953367.patch, d/p/icedtea-patch.diff, d/p/icedtea-pretend-memory.diff, d/p/libpcsclite-dlopen.diff, d/p/nonreparenting-wm.diff: Update for 2.3.2. * Remove build support for Ubuntu releases earlier than hardy. * d/update-shasum.sh: Only update the shasums of the -dfsg tarballs. * Don't apply shark patches (not built anyway). -- Matthias Klose Sat, 01 Sep 2012 11:46:50 +0200 openjdk-7 (7u3-2.1.7-1) unstable; urgency=high * IcedTea7 2.1.7 release: * Security fixes: - S8007014, CVE-2013-0809: Improve image handling. - S8007675, CVE-2013-1493: Improve color conversion. * Backports: - S8002344: Krb5LoginModule config class does not return proper KDC list from DNS. - S8004344: Fix a crash in ToolkitErrorHandler() in XlibWrapper.c. - S8006179: JSR292 MethodHandles lookup with interface using findVirtual(). - S8006882: Proxy generated classes in sun.proxy package breaks JMockit. * Bug fixes: - PR1303: Correct #ifdef to #if - Stop libraries being stripped in the OpenJDK build. - PR1340: Simplify the rhino class rewriter to avoid use of concurrency. - Revert 7017193 and add the missing free call, until a better fix is ready. -- Matthias Klose Sat, 30 Mar 2013 11:31:12 +0100 openjdk-7 (7u3-2.1.6-1) unstable; urgency=high * IcedTea7 2.1.5 release: * Security fixes: - S6563318, CVE-2013-0424: RMI data sanitization. - S6664509, CVE-2013-0425: Add logging context. - S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time. - S6776941: CVE-2013-0427: Improve thread pool shutdown. - S7141694, CVE-2013-0429: Improving CORBA internals. - S7173145: Improve in-memory representation of splashscreens. - S7186945: Unpack200 improvement. - S7186946: Refine unpacker resource usage. - S7186948: Improve Swing data validation. - S7186952, CVE-2013-0432: Improve clipboard access. - S7186954: Improve connection performance. - S7186957: Improve Pack200 data validation. - S7192392, CVE-2013-0443: Better validation of client keys. - S7192393, CVE-2013-0440: Better Checking of order of TLS Messages. - S7192977, CVE-2013-0442: Issue in toolkit thread. - S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective proxies. - S7200491: Tighten up JTable layout code. - S7200493, CVE-2013-0444: Improve cache handling. - S7200499: Better data validation for options. - S7200500: Launcher better input validation. - S7201064: Better dialogue checking. - S7201066, CVE-2013-0441: Change modifiers on unused fields. - S7201068, CVE-2013-0435: Better handling of UI elements. - S7201070: Serialization to conform to protocol. - S7201071, CVE-2013-0433: InetSocketAddress serialization issue. - S8000210: Improve JarFile code quality. - S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class. - S8000539, CVE-2013-0431: Introspect JMX data handling. - S8000540, CVE-2013-1475: Improve IIOP type reuse management. - S8000631, CVE-2013-1476: Restrict access to class constructor. - S8001235, CVE-2013-0434: Improve JAXP HTTP handling. - S8001242: Improve RMI HTTP conformance. - S8001307: Modify ACC_SUPER behavior. - S8001972, CVE-2013-1478: Improve image processing. - S8002325, CVE-2013-1480: Improve management of images. * Backports: - S7054590: (JSR-292) MethodHandleProxies.asInterfaceInstance() accepts private/protected nested interfaces. - S7175616: Port fix for TimeZone from JDK 8 to JDK 7. - S8002068: Build broken: corba code changes unable to use new JDK 7 classes. - S8004341: Two JCK tests fails with 7u11 b06. - S8005615: Java Logger fails to load tomcat logger implementation (JULI). * IcedTea7 2.1.6 release: * Security fixes: - S8004937, CVE-2013-1484: Improve proxy construction. - S8006439, CVE-2013-1485: Improve MethodHandles coverage. - S8006446, CVE-2013-1486: Restrict MBeanServer access. - S8006777, CVE-2013-0169: Improve TLS handling of invalid messages. - S8007688: Blacklist known bad certificate. * Backports: - S7123519: problems with certification path. - S8007393: Possible race condition after JDK-6664509. - S8007611: logging behavior in applet changed. * Fix font suggestion for indic fonts in wheezy. * Fix fontconfig definitions for japanese and korean fonts, fixing compilation of the fontconfig file. * Add Built-Using: rhino attribute for the -lib package. * Don't use concurrent features to rewrite the rhino jar file. * Enable class data sharing for the hotspot server VM. * Enable bootstrap builds for alpha. * Explicitly disable building on mips/mipsel. Not supported by the Debian OpenJDK maintainers, the Debian mips porters, or the Debian Java team. -- Matthias Klose Thu, 21 Feb 2013 03:38:13 +0100 openjdk-7 (7u3-2.1.4-1) unstable; urgency=low * IcedTea7 2.1.4 release. * Security fixes - S8004933, CVE-2012-3174: Improve MethodHandle interaction with libraries - S8006017, CVE-2013-0422: Improve lookup resolutions - S8006125: Update MethodHandles library interactions * Loosen OpenGL dependency. Closes: #695028. * Fix error parsing drop files parameter from pcmanfm (Alberto Fernández Martínez). Closes: #695992. -- Matthias Klose Wed, 16 Jan 2013 11:46:20 +0100 openjdk-7 (7u3-2.1.3-1) unstable; urgency=low * IcedTea7 2.1.3 release. * Security fixes - S6631398, CVE-2012-3216: FilePermission improved path checking. - S7093490: adjust package access in rmiregistry. - S7143535, CVE-2012-5068: ScriptEngine corrected permissions. - S7158796, CVE-2012-5070: Tighten properties checking in EnvHelp. - S7158807: Revise stack management with volatile call sites. - S7163198, CVE-2012-5076: Tightened package accessibility. - S7167656, CVE-2012-5077: Multiple Seeders are being created. - S7169884, CVE-2012-5073: LogManager checks do not work correctly for sub-types. - S7169887, CVE-2012-5074: Tightened package accessibility. - S7169888, CVE-2012-5075: Narrowing resource definitions in JMX RMI connector. - S7172522, CVE-2012-5072: Improve DomainCombiner checking. - S7186286, CVE-2012-5081: TLS implementation to better adhere to RFC. - S7189103, CVE-2012-5069: Executors needs to maintain state. - S7189490: More improvements to DomainCombiner checking. - S7189567, CVE-2012-5085: java net obselete protocol. - S7192975, CVE-2012-5071: Issue with JMX reflection. - S7195194, CVE-2012-5084: Better data validation for Swing. - S7195549, CVE-2012-5087: Better bean object persistence. - S7195917, CVE-2012-5086: XMLDecoder parsing at close-time should be improved. - S7195919, CVE-2012-5979: (sl) ServiceLoader can throw CCE without needing to create instance. - S7196190, CVE-2012-5088: Improve method of handling MethodHandles. - S7198296, CVE-2012-5089: Refactor classloader usage. - S7158801: Improve VM CompileOnly option. - S7158804: Improve config file parsing. - S7198606, CVE-2012-4416: Improve VM optimization. * Backports - S7175845: "jar uf" changes file permissions unexpectedly. - S7177216: native2ascii changes file permissions of input file. - S7106773: 512 bits RSA key cannot work with SHA384 and SHA512. - S7158800: Improve storage of symbol tables. -- Matthias Klose Wed, 17 Oct 2012 16:03:47 +0200 openjdk-7 (7u3-2.1.2-2ubuntu1) precise-security; urgency=low * Make the avian VM a known runtime. -- Matthias Klose Sat, 08 Sep 2012 16:01:31 +0200 openjdk-7 (7u3-2.1.2-2) unstable; urgency=high * Pass -avoid-version to libtool to create a JamVM libjvm.so without SONAME version numbers to match the Hotspot Server/Client libjvm.so. LP: #850433. -- Matthias Klose Tue, 04 Sep 2012 17:55:43 +0200 openjdk-7 (7u3-2.1.2-1) unstable; urgency=high * IcedTea7 2.1.2 release. * Security fixes - CVE-2012-4681, S7162473: Reintroduce PackageAccessible checks removed in 6788531. - S7162476, CVE-2012-1682: XMLDecoder security issue via ClassFinder. - S7194567, CVE-2012-3136: Improve long term persistence of java.beans objects. - S7163201, CVE-2012-0547: Simplify toolkit internals references. * d/p/hotspot-sparc.diff: Remove, integrated upstream. * Stop running the mauve tests. -- Matthias Klose Mon, 03 Sep 2012 23:17:11 +0200 openjdk-7 (7~u3-2.1.1-3) unstable; urgency=low * d/rules: Ensure we don't remove -02 (default) when -03 is disabled (fix jamvm FTBFS on armhf without -02). * d/patches/gcc-jdk-opt-O0.diff, d/patches/gcc-jdk-opt-O2.diff, d/patches/gcc-no-hardening.diff, d/patches/gcc-opt-O2.diff: removed. -- Damien Raude-Morvan Wed, 25 Jul 2012 21:18:15 +0200 openjdk-7 (7~u3-2.1.1-2) unstable; urgency=low * d/rules: On Debian Wheezy/Sid bump Build-Depends on libnss3-dev (>= 2:3.13.4) and Depends on libnss3 (>= 2:3.13.4) (ie. with epoch). (Closes: #679465). * d/control: Suggests icedtea-7-plugin instead of icedtea6-plugin (Closes: #680284). * d/patches/7130140-MouseEvent-systemout.diff: Remove "MEvent. CASE!" from console output. (Closes: #679036). * Disable -O3 compile: cause wrong Math.* computations. (Closes: #679292 and Closes: #678228). LP: #1044857. * debian/patches/FreetypeFontScaler_getFontMetricsNative.diff: Fix "OpenJDK returns the text height greater than font size". (Closes: #657854) -- Damien Raude-Morvan Sat, 30 Jun 2012 18:17:51 +0200 openjdk-7 (7~u3-2.1.1-1) unstable; urgency=medium * New upstream release with security fixes (Closes: #677486): - S7079902, CVE-2012-1711: Refine CORBA data models - S7110720: Issue with vm config file loadingIssue with vm config file loading - S7143606, CVE-2012-1717: File.createTempFile should be improved for temporary files created by the platform. - S7143614, CVE-2012-1716: SynthLookAndFeel stability improvement - S7143617, CVE-2012-1713: Improve fontmanager layout lookup operations - S7143851, CVE-2012-1719: Improve IIOP stub and tie generation in RMIC - S7143872, CVE-2012-1718: Improve certificate extension processing - S7145239: Finetune package definition restriction - S7152811, CVE-2012-1723: Issues in client compiler - S7157609, CVE-2012-1724: Issues with loop - S7160677: missing else in fix for 7152811 - S7160757, CVE-2012-1725: Problem with hotspot/runtime_classfile - S7165628, CVE-2012-1726: Issues with java.lang.invoke.MethodHandles.Lookup * Patches merged upstream: - debian/patches/arm-thumb-fix.diff - debian/patches/gcc-4.7.diff [ James Page ] * Cherry picked patch from openjdk-6 to fix handling of ICC profiles (LP: #888123, #888129) (Closes: #676351). [ Damien Raude-Morvan ] * Move libgnome2-0, libgnomevfs2-0, libgconf2-4 from Depends of JRE package to Recommends (Closes: #661465). * New jni_md_h_JNIEXPORT_visibility.patch to allow JNIEXPORT definition to work with -fvisibility=hidden. (Closes: #670896). -- Damien Raude-Morvan Mon, 11 Jun 2012 21:01:10 +0200 openjdk-7 (7~u3-2.1.1~pre1-2) unstable; urgency=low * Don't mark the -demo package as Multi-Arch same. Closes: #670038. * Build using gcc-4.4 on mips, mipsel. * Build again with older gcj version on s390 (4.6). -- Matthias Klose Thu, 03 May 2012 10:44:20 +0200 openjdk-7 (7~u3-2.1.1~pre1-1ubuntu3) precise-proposed; urgency=low * Default to the ARM assembler interpreter instead to JamVM on ARM. LP: #993380. -- Matthias Klose Wed, 02 May 2012 17:58:20 +0200 openjdk-7 (7~u3-2.1.1~pre1-1ubuntu2) precise; urgency=low * Use the /usr/bin path for the policytool desktop file. LP: #980205. Closes: #670037. -- Matthias Klose Thu, 12 Apr 2012 23:29:06 +0200 openjdk-7 (7~u3-2.1.1~pre1-1ubuntu1) precise; urgency=low * Regenerate the control file. -- Matthias Klose Wed, 11 Apr 2012 07:21:41 +0200 openjdk-7 (7~u3-2.1.1~pre1-1) unstable; urgency=low * Update from the IcedTea7-2.1 release branch (20110410). * Install desktop files again, using the common /usr/bin/java interpreter name. * Build-depend on libpng-dev for newer releases. Closes: #662452. * Let dlopen handle finding the libpcsclite library. LP: #898689. * Build-depend on fonts-ipafont-mincho, fixing a build failure in the fontconfig compiler (find out why it breaks ...). * Build using gcc-4.7/gcj-4.7 for sid/wheezy, fix build failure. * Remove `-icedtea' suffix from the release identification. * Fix arm thumb build, update taken from IcedTea6. -- Matthias Klose Tue, 10 Apr 2012 14:11:09 +0200 openjdk-7 (7~u3-2.1-4) unstable; urgency=low [ Matthias Klose ] * Don't install the binary fontconfig file. LP: #964303. [ Damien Raude-Morvan ] * Remove libxp-dev check in configure.ac, it's not needed anymore (Closes: #657260) and so drop build dependency on libxp-dev. * Fix FTBFS with glib 2.32 by adding explicit dependency gthread-2.0.pc (Closes: #665666). * Use libpng-dev instead of libpng12-dev for wheezy/sid (Closes: #662453). -- Damien Raude-Morvan Mon, 09 Apr 2012 00:21:20 +0200 openjdk-7 (7~u3-2.1-3) unstable; urgency=low * d/rules,Makefile.am: Improve handling of dpkg-buildflags: don't overwrite CFLAGS of hotspot but use EXTRA_* flags into icedtea and openjdk Makefile. (Closes: #661695). * d/rules: Build everything with -03 opt level (jamvm, cacao and jdk) * d/patches/kfreebsd-support-*.diff: Refresh kfreebsd patches and fix FTBFS on k-i386 (ie. at least on a sid VM). * Backport S7104625 as d/patches/icedtea7-forest-jdk_7104625*.patch to check for logging to prevent wasted CPU (Closes: #651423). -- Damien Raude-Morvan Tue, 06 Mar 2012 01:09:09 +0100 openjdk-7 (7~u3-2.1-2) unstable; urgency=low [ Matthias Klose ] * Use NanumMyeongjo as the preferred korean font. LP: #792471. * Fix crash in java.net.NetworkInterface.getNetworkInterfaces() when ifr_ifindex exceeds 255. LP: #925218. S7078386. * Use IPAfont as the preferred japanesse font. Closes: #646054. * Build using gcj on alpha and armel. Closes: #655750. [ Damien Raude-Morvan ] * d/patches/sparc-stubgenerator.diff: Fix FTBFS on sparc on stubGenerator_sparc.cpp by using explicit class typedef (Closes: #660871). * d/patches/fix_extra_flags.diff: Improve support for hardened build, also send flags to jdk build and send -Wl,-z,relro during hotspot link. * Bump Standards-Version to 3.9.3: no changes needed. * d/control: Don't use nonexistent dlopenjl:Recommends substvar, replaced by dlopenhl:Recommends. * d/*.{prerm,postrm}: Use set -e inside script instead of sh -e shebang. * Cleanup lintian-overrides. -- Damien Raude-Morvan Wed, 29 Feb 2012 00:52:49 +0100 openjdk-7 (7~u3-2.1-1ubuntu2) precise; urgency=low * Make sure that the nss.cfg doesn't mention any library path. LP: #939361, #939419. * Disable the accessibility wrapper, doesn't work yet. LP: #935296. -- Matthias Klose Fri, 24 Feb 2012 15:10:12 +0100 openjdk-7 (7~u3-2.1-1ubuntu1) precise; urgency=low [ Damien Raude-Morvan ] * d/patches/jexec.diff: Dropped, uneeded and not compatible with multi-arch. * d/rules: Use dpkg-buildflags to enable hardened build. (Closes: #660021). [ Matthias Klose ] * Merge r522 from openjdk6: - Make upgrades from non-multiarch to multiarch builds more silent. - Fix order of grant decls in java.policy. - Make doc files multi-arch installable. - JB-archive.applications.in: Use /usr/bin/java by default. Maybe should be moved to the default-jdk package. * Explicitly look for the gthread-2.0 pkgconfig module. -- Matthias Klose Wed, 22 Feb 2012 14:07:16 +0100 openjdk-7 (7~u3-2.1-1) unstable; urgency=low * Update icedtea7 2.1 (OpenJDK7 ~u3 release): - Check for logging to prevent wasted CPU (Closes: #651423). * Fix following security issues: - S7082299, CVE-2011-3571: Fix in AtomicReferenceArray - S7088367, CVE-2011-3563: Fix issues in java sound - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method - S7110687, CVE-2012-0503: Issues with TimeZone class - S7110700, CVE-2012-0505: Enhance exception throwing mechanism in ObjectStreamClass - S7110704, CVE-2012-0506: Issues with some method in corba - S7112642, CVE-2012-0497: Incorrect checking for graphics rendering object - S7118283, CVE-2012-0501: Better input parameter checking in zip file processing - S7126960, CVE-2011-5035: Add property to limit number of request headers to the HTTP Server [ Matthias Klose ] * openjdk-7-jre-lib: Mark as Multi-Arch: foreign. [ Damien Raude-Morvan ] * Merge r501-521 from openjdk6: - Fix plugin name in jinfo file. - Fix build flags for cppInterpreter_arm.o. - Use java-atk-wrapper instead of java-access-bridge for accessibility. - Make the java.policy file multi-arch installable. - Don't install desktop and menu files for multiarch builds. Needs a better solution. - Don't install an alternative for the deprecated apt tool. - Make the upgrade from a non-multiarch installation location more robust; don't depend on version numbers, but check the path of the alternatives. - Disable test for armel and powerpc (broken on buildd) * d/rules: Make symbolic links to src.zip on /usr/lib/jvm/java-7-openjdk-amd64 like openjdk-6-jdk (Closes: #649618). * d/rules: Pass -n to gzip when compressing manpages to be Multi-Arch: same safe. * d/rules: Add build-arch/build-indep target. * d/rules: Re-enable Cacao VM! * d/{rules,control}: Only rhino 1.7R3 is supported by openjdk7, update B-D. * d/patches/hotspot-s390.diff: Update for latest Hotspot. * d/patches/icedtea-patch.diff: Move nssLibraryDirectory handling to d/rules. * d/rules: Remove --with-*-drop-zip options, as code drops are embedded. * d/patches/hsx23-zero.patch, patches/shark-compiler-fixes.patch: Fix FTBFS for Zero under Hotspot >= v22. * d/patches/kfreebsd-*: Refreshed. * d/control: Make openjdk-7-source:all package binNMU-able by using Depends ">=" on openjdk-7-jre (ie. src.zip won't change). -- Damien Raude-Morvan Wed, 15 Feb 2012 20:55:52 +0100 openjdk-7 (7~b147-2.0-1) unstable; urgency=low * New upstream IcedTea7 release. - S7000600, CVE-2011-3547: InputStream skip() information leak. - S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor. - S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow. - S7032417, CVE-2011-3552: excessive default UDP socket limit under SecurityManager. - S7046794, CVE-2011-3553: JAX-WS stack-traces information leak. - S7046823, CVE-2011-3544: missing SecurityManager checks in scripting engine. - S7055902, CVE-2011-3521: IIOP deserialization code execution. - S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress error checks. - S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST). - S7070134, CVE-2011-3558: HotSpot crashes with sigsegv from PorterStemmer. - S7077466, CVE-2011-3556: RMI DGC server remote code execution. - S7083012, CVE-2011-3557: RMI registry privileged code execution. - S7096936, CVE-2011-3560: missing checkSetFactory calls in HttpsURLConnection. [ Matthias Klose ] * Merge debian packaging r501 from openjdk-6: - Tighten inter-package dependencies for Debian builds. Closes: #641240. * Build-depend on wdiff. -- Damien Raude-Morvan Sat, 01 Oct 2011 10:53:15 +0200 openjdk-7 (7~b147-2.0~pre6-2) unstable; urgency=low * d/rules: Fix java.policy to include jre/lib/ext/* files (instead of non-existant ext/*). It'll restore privilegied access from sunpkcs11.jar to sun.* code. * d/patches/s390_hotspot_fix.diff: Update to fix FTBFS on s390. -- Damien Raude-Morvan Sat, 01 Oct 2011 10:53:15 +0200 openjdk-7 (7~b147-2.0~pre6-1) unstable; urgency=low * Update to IcedTea7 (20110928). [ Matthias Klose ] * Merge debian packaging r496 from openjdk-6: - Fix dangling java-1.7.0-openjdk symlink for non-multiarch builds. [ Damien Raude-Morvan ] * d/rules: --disable-compile-against-syscalls for kFreeBSD (since there is no epoll support). * Update patches: - d/patches/sun-awt-buildsystem.diff: Drop, merged upstream. - d/patches/icedtea-override-redirect-compiz.patch: Refresh. - d/patches/s390_hotspot_fix.diff: Extracted (instead of direct patch). * Add Build-Depends on libattr1-dev. -- Damien Raude-Morvan Wed, 28 Sep 2011 17:19:33 +0200 openjdk-7 (7~b147-2.0~pre5-1) unstable; urgency=low * Update to IcedTea7 (20110914). - d/patches/jdk-no-mapfile.diff: Drop, merged in icedtea7-forest (for real this time). - d/patches/sun-awt-buildsystem.diff: Fix icedtea7-forest awt build. * d/patches/kfreebsd-support-jdk.diff: Refresh. * d/patches/icedtea-patch.diff: Remove usage of nssLibraryDirectory because while it works for nss3, it fails for softokn3 (since the latter is in nss/ subdirectory). Without this parameter, openjdk-7 will rely on default ld.so behavior. (Closes: #637337, #638008) In openjdk-6, nssLibraryDirectory was not used to load softokn3 (Secmod). * d/control: openjdk-7-jre Provides java7-runtime, openjdk-7-jre-headless Provides java7-runtime-headless and openjdk-7-jdk Provides java7-jdk. (Closes: #641668). -- Damien Raude-Morvan Mon, 19 Sep 2011 16:33:15 +0200 openjdk-7 (7~b147-2.0~pre4-1) unstable; urgency=low * Update to IcedTea7 (20110906): - JamVM: support for armhf and other various fixes. * Upload to unstable. * Regenerate control file for debian unstable. * Makefile.am: Force JAVA_HOME for ant call to --with-jdk-home value (without this, it defaults to existing JAVA_HOME env or /usr/bin/java link) -- Damien Raude-Morvan Mon, 05 Sep 2011 23:50:43 +0200 openjdk-7 (7~b147-2.0~pre3-3ubuntu2) oneiric; urgency=low * Merge debian packaging r491 from openjdk-6: - Move the -lib files into a different location so that the java-7-openjdk name can be used as a symlink. - Symlink the jre/cmm directory, instead of the files inside. Closes: #639883. -- Matthias Klose Thu, 01 Sep 2011 21:08:45 +0200 openjdk-7 (7~b147-2.0~pre3-3ubuntu1) oneiric; urgency=low * Regenerate the control file. -- Matthias Klose Sun, 28 Aug 2011 23:42:18 +0200 openjdk-7 (7~b147-2.0~pre3-3) experimental; urgency=low * Merge debian packaging r485:489 from openjdk-6: - Build using GCC-4.4 on sparc and sparc64. - Enable testsuite runs in s390x. * Merge debian packaging r490 from openjdk-6: - Set plugin name for the jinfo file. Closes: #638548, - Disable the mauve testsuite on i386. - Make the installation multiarch aware. -- Matthias Klose Sun, 28 Aug 2011 20:42:54 +0200 openjdk-7 (7~b147-2.0~pre3-2) experimental; urgency=low * d/patches/jdk-no-mapfile.diff: Re-add was not merged into current (e46d527097f1) revision but latter. -- Damien Raude-Morvan Mon, 22 Aug 2011 00:11:33 +0200 openjdk-7 (7~b147-2.0~pre3-1) experimental; urgency=low * Update to IcedTea7 (20110821): - JamVM updates. - S7070134,S7044738,S7068051,S7073913: Fix random segfaults and related invalid results from loop unroll optimization. - d/patches/jdk-no-mapfile.diff: Drop, merged in icedtea7-forest. [ Matthias Klose ] * Build using GCC-4.4 on mips/mipsel. Closes: #628620. * Merge debian packaging r482:485 from openjdk-6: - Call dbus-launch --exit-with-session in testsuite. Closes: #612394. - Build for s390x using Zero. [ Damien Raude-Morvan ] * d/patches/kfreebsd-support-hotspot.diff: Add workaround to handle #637378. * d/generate-dfsg-zip.sh: Update to also handle langtools.tar.gz. Closes: #623693. -- Damien Raude-Morvan Sun, 21 Aug 2011 20:08:50 +0200 openjdk-7 (7~b147-2.0~pre2-3) experimental; urgency=low * d/patches/kfreebsd-support-hotspot.diff: Fix access to CPU registry under kfreebsd-amd64. -- Damien Raude-Morvan Sun, 07 Aug 2011 12:22:47 +0200 openjdk-7 (7~b147-2.0~pre2-2) experimental; urgency=low * d/patches/kfreebsd-support-jamvm.diff: Add support for kfreebsd-amd64. * d/patches/kfreebsd-support-hotspot.diff: Small fixes for Hotspot on kfreebsd-i386. * Split d/patches/hotspot-s390.diff and zero-missing-headers.diff. * Re-add missing changes from last upload: - patches/use-idx_t.patch: Edit upstream patch to avoid FTBFS on s390. - Makefile.{am,im}: Force bootclasspath (useful when building from openjdk-6). -- Damien Raude-Morvan Sat, 06 Aug 2011 23:50:58 +0200 openjdk-7 (7~b147-2.0~pre2-1) experimental; urgency=low * Update to icedtea7-forest snapshot (20110804): - d/patches/pr753.diff: drop, merged in icedtea7-forest. - d/patches/pr757.diff: drop, merged in icedtea7-forest. - d/patches/zero-jsr292-fixes.diff: drop, merged in icedtea7-forest. - d/patches/no-compiler-path.diff: drop, now handled correctly icedtea7's configure and openjdk's Makefile (by CC and CXX environment variables). - Updated JamVM to the 2011-08-01 revision. [ Damien Raude-Morvan ] * d/patches/zero-fpu-control-is-noop.diff: Remove ShouldNotCallThis from os_linux_zero.cpp (fix crash under i386). * d/rules: Enable support for GNU/kFreeBSD arch: - d/patches/kfreebsd-support-*: Update with latest fixes. - d/patches/kfreebsd-sync-issues.diff: hack to force some wait until we fix sync issues. - d/rules: Enable shark for GNU/kFreeBSD. * d/rules: Use DEB_HOST_ARCH_CPU for jvmarch/archdir. Thanks to Jérémie Koenig for patch. * d/patches/jexec.diff: Update for openjdk-7. * d/JB-jdk.overrides.in: Fix override for new Lintian 2.5.0 path handling. * d/icedtea-7-jre-jamvm.overrides: As for others libjvm.so, we use --strip-debug instead of --strip-unneeded. * d/source.lintian-overrides: Drop, not used anymore in openjdk-7. [ Matthias Klose ] * Merge debian packaging r472:482 from openjdk-6: - openjdk-6-jre-headless: Depend on icedtea-6-jre-jamvm, if it's the default VM. - Use gcj-4.4 as the stage1 java VM on mips and mipsel. - Make JamVM the default VM on Ubuntu oneiric/ARM. -- Matthias Klose Thu, 04 Aug 2011 11:38:01 +0200 openjdk-7 (7~b147-2.0~pre1-1) experimental; urgency=low * New b147 code drop (OpenJDK7 RC1). [ Matthias Klose ] * Fix build on sparc64. * Recognize 32bit user space on sparc. * Build shark using llvm-2.9. [ Damien Raude-Morvan ] * d/patches/zero-jsr292-fixes.diff: Fixes on Zero/Shark for JSR 292 support from Chris Phillips . * d/generate-dfsg-zip.sh: Update for OpenJDK7 as a first step to get #623693 fixed. * d/patches/kfreebsd-*: WiP patches for GNU/kFreeBSD support (not yet enabled by default). -- Matthias Klose Sun, 17 Jul 2011 16:08:51 +0200 openjdk-7 (7~b143-2.0~pre1-2) experimental; urgency=low * Upload to experimental. -- Matthias Klose Tue, 12 Jul 2011 14:30:01 +0200 openjdk-7 (7~b143-2.0~pre1-1ubuntu1) oneiric; urgency=low * Fix zero builds on non-ix86 architectures. * Fix build on sparc. * Build using jpeg8. -- Matthias Klose Tue, 12 Jul 2011 14:25:24 +0200 openjdk-7 (7~b143-2.0~pre1-1) experimental; urgency=low [ Damien Raude-Morvan ] * New b143 code drop. * Drop d/patches/7031385.diff: Merged upstream. * Drop d/patches/jamvm-oj7.patch: Merged upstream. * Manpages are now ja_JP.UTF-8 instead of ja_JP.eucJP [ Matthias Klose ] * Apply fix for IcedTea issue #753, #757. * Update s390 hotspot build fixes. * Re-enable zero on i386. -- Matthias Klose Sun, 10 Jul 2011 14:28:17 +0200 openjdk-7 (7~b136-2.0~pre1-2) experimental; urgency=low * Disable zero on i386. -- Matthias Klose Sun, 29 May 2011 12:37:03 +0200 openjdk-7 (7~b136-2.0~pre1-1ubuntu1) oneiric; urgency=low * Upload to oneiric. -- Matthias Klose Sun, 29 May 2011 07:59:01 +0200 openjdk-7 (7~b136-2.0~pre1-1) experimental; urgency=low [ Matthias Klose ] * Fix non-bootstrap builds. * Merge debian packaging r469:472 from openjdk-6. * Run jtreg tests using JamVM too. * Don't run the jtreg tests with the NSS security provider enabled. * Update JamVM to 20110528. * Re-enable the zero build, keep the shark builds disabled. [ Damien Raude-Morvan ] * Only apply jamvm-oj7.patch when jamvm build in enabled. -- Matthias Klose Sat, 28 May 2011 17:17:23 +0200 openjdk-7 (7~b136-1.14+debian1-1) experimental; urgency=low * New upstream release: Icedtea 1.14. - debian/patches/jamvm-oj7.patch: support new instruction (JVM_FindClassFromBootLoader) in JamVM. - Makefile.am: Fix some missing depends between patch and extract targets. * debian/patches/nonreparenting-wm.diff: Update. * Replace B-D on libxalan2-java by xsltproc for bootstrapping JMVTI. * Don't use GCJ_SUFFIX=4.6 for sid/wheezy/oneiric as GCJ version is not homogeneous between arch. * Enable JamVM support: - d/control: Add B-D on libtool. -- Damien Raude-Morvan Thu, 26 May 2011 23:03:56 +0200 openjdk-7 (7~b136-1.14~pre0-4) experimental; urgency=low * Re-add build dependency on fastjar. * Fix dependency on liblcms2-2. -- Matthias Klose Sun, 08 May 2011 10:21:21 +0200 openjdk-7 (7~b136-1.14~pre0-3) experimental; urgency=low * Fix liblcms dependency for -jre-headless package. -- Damien Raude-Morvan Sat, 07 May 2011 17:20:15 +0200 openjdk-7 (7~b136-1.14~pre0-2ubuntu2) oneiric; urgency=low * Re-add build dependency on fastjar. -- Matthias Klose Sun, 08 May 2011 02:51:47 +0200 openjdk-7 (7~b136-1.14~pre0-2) experimental; urgency=low * Fix build failure on i386 with GCC 4.6. -- Matthias Klose Fri, 06 May 2011 17:10:00 +0200 openjdk-7 (7~b136-1.14~pre0-1) experimental; urgency=low [ Damien Raude-Morvan ] * New b136 code drop: - d/rules: Use jaxp-1_4_5-dev1.zip as jaxp-drop-zip. - d/patches/icedtea-pretend-memory.diff: Refreshed. [ Matthias Klose ] * Fix -jre-lib dependency on -jre. Closes: #624846. * Add lcms configury. -- Matthias Klose Thu, 05 May 2011 21:08:55 +0200 openjdk-7 (7~b130-1.14~pre0-2) experimental; urgency=low * Remove obsolete conflicts. Closes: #624090. * Add copyright for the rewriter class. Addresses part of #623693. * Lower priorities for the alternatives below these of OpenJDK 6, as long as OpenJDK 7 is not yet released. * Don't build HotSpot with -Werror on architectures other than amd64 and i386. -- Matthias Klose Wed, 27 Apr 2011 23:03:45 +0200 openjdk-7 (7~b130-1.14~pre0-1) experimental; urgency=low * New b130 code drop. * Merge debian packaging r464:469 from openjdk-6. * Do not bump the epoch, package was never uploaded to any official repository. -- Matthias Klose Wed, 20 Apr 2011 21:46:32 +0200 openjdk-7 (1:7~b129-1.14~pre0-1) experimental; urgency=low * New b129 code drop. * Bump epoch to 1 and use ~ to indicate that's not openjdk-7 final relaase. -- Damien Raude-Morvan Mon, 14 Feb 2011 00:34:45 +0100 openjdk-7 (7b128-1.14~pre0-1) UNRELEASED; urgency=low * New b128 code drop. * Exclude "release" file for dh_install. -- Damien Raude-Morvan Mon, 07 Feb 2011 23:45:13 +0100 openjdk-7 (7b126-1.14~pre0-1) UNRELEASED; urgency=low * Merge debian packaging r446:464 from openjdk-6 but keep the following changes : - Replace DISABLE_PRECOMPILED_HEADER=1 by USE_PRECOMPILED_HEADER=0 - Use "ant, ant-optionnal" for all distrel - Drop "with_hotspot" variable (only one hotspot supported by IcedTea7) - Drop --enable-xrender (not supported by IcedTea7) * New b125 code drop: - d/rules: Use new archives by --with-*-src-zip * Refresh patches: - d/patches/shebang.diff: Year updated - d/patches/ld-symbolic-functions.diff and d/patches/no-compiler-path.diff: Changed corba generic Makefiles. - d/patches/default-jvm-cfg.diff and d/patches/set-exec-name.diff: Upstream merged "solaris" and "linux" java.c and java_md.c * Drop patches: - d/patches/too-many-args-ftbfs.diff (merged upstream) - d/patches/sparc.diff (merges upstream) - d/patches/hotspot-include-fixes.diff (includeDB dropped upstream) -- Damien Raude-Morvan Mon, 24 Jan 2011 00:18:38 +0100 openjdk-7 (7b106~pre1-0lucid2) lucid; urgency=low * Build for lucid. -- Matthias Klose Thu, 09 Sep 2010 15:32:13 +0200 openjdk-7 (7b106~pre1-0ubuntu2) maverick; urgency=low * Build openjdk-7 snapshot (7b106) * Symlink timezone data. * Disable shark builds, currently broken in 7b106. -- Matthias Klose Tue, 07 Sep 2010 04:56:48 +0200 openjdk-7 (7b89-1.13-0ubuntu1) maverick; urgency=low * Update to the IcedTea 1.13 release. * openjdk-7-jre: Recommend ttf-dejavu-extra. LP: #569396. -- Matthias Klose Fri, 30 Jul 2010 01:19:45 +0200 openjdk-7 (7b89~pre1-0lucid3) lucid; urgency=low * Include docs in the -doc package. LP: #600834. * Update from the IcedTea6 trunk. - Plugin and netx fixes. - Don't link the plugin against the libxul libraries. Closes: #576361. - More plugin cpu usage fixes. Closes: #584335, #587049. - Plugin: fixes AppletContext.getApplets(). * Fix Vcs-Bzr location. Closes: #530883. * Search for unversioned llvm-config tool. * Don't set XFILESEARCHPATH and NLSPATH on startup. LP: #586641. * Fix chinese font metrics and prefer using 'WenQuanYi Micro Hei' font. LP: #472845. * Strip libjvm.so with --strip-debug instead of --strip-unneeded. LP: #574997. * Fix inter-package dependencies. -- Matthias Klose Thu, 15 Jul 2010 18:12:17 +0200 openjdk-7 (7b89~pre1-0lucid1) lucid; urgency=low [ Damien Raude-Morvan ] * Merge debian packaging r403:430 from openjdk-6. * Add myself to Uploaders. * Build openjdk-7 snapshot (7b89) * Use ant+ant-optional (IcedTea7 support ant 1.8). * Merge debian packaging r431:436 from openjdk-6. [ Matthias Klose ] * Merge debian packaging r430:445 from openjdk-6. * Update debian patches to 7b89. * Reenable the two stage build. * Reenable building cacao. * Reenable building zero. -- Matthias Klose Tue, 13 Jul 2010 10:32:11 +0200 openjdk-7 (7b77-0ubuntu1~ppa1) lucid; urgency=low * Build openjdk-7 snapshot (7b77). * Merge debian packaging r391:403 from openjdk-6. -- Matthias Klose Mon, 21 Dec 2009 16:58:34 +0100 openjdk-7 (7b72-0ubuntu1~ppa1) karmic; urgency=low * Build openjdk-7 snapshot (7b72). * Merge debian packaging r371:391 from openjdk-6. * Disable the zero build for now. -- Matthias Klose Sat, 03 Oct 2009 16:35:27 +0200 openjdk-7 (7b66-0ubuntu1~ppa1) karmic; urgency=low * Build openjdk-7 snapshot (7b66). * Merge debian packaging r362:371 from openjdk-6. -- Matthias Klose Thu, 06 Aug 2009 12:40:00 +0200 openjdk-7 (7b59-0ubuntu1) karmic; urgency=low * Reenable the build of zero. * Reapply fontconfig patch. * Apply icedtea-cacao-no-mmap-first-page patch. -- Matthias Klose Fri, 29 May 2009 10:19:26 +0200 openjdk-7 (7b59-0ubuntu1~ppa1) karmic; urgency=low * Build openjdk-7 snapshot (7b59). * Merge debian packaging r205:362 from openjdk-6. -- Matthias Klose Wed, 27 May 2009 12:09:16 +0200 openjdk-7 (7b40-0ubuntu2) jaunty; urgency=low * Add build dependency on libxrender-dev. * Don't use fastjar on ia64, working around a build failure. * Add configury for shark builds. -- Matthias Klose Thu, 04 Dec 2008 16:26:15 +0100 openjdk-7 (7b40-0ubuntu1) jaunty; urgency=low * Build openjdk-7 snapshot (7b40). * Update packaging for openjdk-7. -- Matthias Klose Tue, 02 Dec 2008 14:27:03 +0100 openjdk-6 (6b22-1.10.1-0ubuntu1) natty; urgency=low * IcedTea6 1.10.1 release. -- Matthias Klose Tue, 05 Apr 2011 12:20:36 +0200 openjdk-6 (6b22-1.10.1~pre1-1) experimental; urgency=low * Upload to experimental. -- Matthias Klose Sat, 26 Mar 2011 10:43:49 +0100 openjdk-6 (6b22-1.10.1~pre1-0ubuntu1) natty; urgency=low * Update from the IcedTea6-1.10 release branch (20110325). * Add multiarch directories to the default library path. LP: #737603. -- Matthias Klose Fri, 25 Mar 2011 16:33:57 +0100 openjdk-6 (6b22-1.10-3) experimental; urgency=low * Fix JamVM build on mips/mipsel (Robert Lougher). * Re-enable the JamVM build on mips/mipsel. -- Matthias Klose Sun, 06 Mar 2011 15:01:54 +0100 openjdk-6 (6b22-1.10-2) experimental; urgency=low * Mention that IcedTea is copyrigh GPLv2 + "CLASSPATH" EXCEPTION. Closes: #611269. * Don't run the jdk checks for the alternate builds (hotspot and langtools checks are still run). * Disable the JamVM build on mips/mipsel. -- Matthias Klose Sat, 05 Mar 2011 16:13:40 +0100 openjdk-6 (6b22-1.10-1) experimental; urgency=low * Upload to experimental. -- Matthias Klose Fri, 04 Mar 2011 16:12:50 +0100 openjdk-6 (6b22-1.10-0ubuntu2) natty; urgency=low * Disable the jdk tests with the Shark, JamVM and Cacao VMs. -- Matthias Klose Fri, 04 Mar 2011 15:32:50 +0100 openjdk-6 (6b22-1.10-0ubuntu1) natty; urgency=low * IcedTea6 1.10 release. -- Matthias Klose Thu, 03 Mar 2011 09:32:19 +0100 openjdk-6 (6b21~pre3-0ubuntu1) natty; urgency=low * Update from the IcedTea6 trunk (20110224). * icedtea-6-jre-jamvm: Build JamVM as an alternative VM, start with `java -jamvm'. -- Matthias Klose Thu, 24 Feb 2011 02:45:56 +0100 openjdk-6 (6b21~pre2-0ubuntu1) natty; urgency=low * Update from the IcedTea6 trunk (20110217). * Update hotspot hs20 (not yet enabled). * Add ppc64 packaging bits. -- Matthias Klose Fri, 18 Feb 2011 15:55:41 +0100 openjdk-6 (6b21~pre1-1) experimental; urgency=low * Upload to experimental. -- Matthias Klose Sat, 22 Jan 2011 15:34:21 +0100 openjdk-6 (6b21~pre1-0ubuntu1) natty; urgency=low * Update to 6b21. -- Matthias Klose Sat, 22 Jan 2011 14:28:28 +0100 openjdk-6 (6b20-1.10~pre3-0ubuntu4) natty; urgency=low * Fix shark build on powerpc. -- Matthias Klose Fri, 24 Dec 2010 11:06:32 +0100 openjdk-6 (6b20-1.10~pre3-0ubuntu3) natty; urgency=low * Update from the IcedTea6 trunk (20101223). -- Matthias Klose Thu, 23 Dec 2010 14:27:17 +0100 openjdk-6 (6b20-1.10~pre3-0ubuntu1) natty; urgency=low * Update from the IcedTea6 trunk (20101126). * Update hotspot hs19. * Fix build failures on ia64, s390 and sparc64. -- Matthias Klose Fri, 26 Nov 2010 16:38:16 +0100 openjdk-6 (6b20-1.10~pre2-0ubuntu7~ppa1) natty; urgency=low * Reenable shark on amd64, but build using llvm-2.7. -- Matthias Klose Thu, 21 Oct 2010 23:59:30 +0200 openjdk-6 (6b20-1.10~pre2-0ubuntu5) natty; urgency=low * Don't try to set up an alternative for javaws -- Matthias Klose Thu, 21 Oct 2010 17:38:48 +0200 openjdk-6 (6b20-1.10~pre2-0ubuntu3) natty; urgency=low * Stop building zero/shark on amd64. Fails the self tests. -- Matthias Klose Thu, 21 Oct 2010 13:49:56 +0200 openjdk-6 (6b20-1.10~pre2-0ubuntu2) natty; urgency=low * Don't include OpenJDK's javaws either. * openjdk-6-jre: Recommend icedtea-netx. -- Matthias Klose Thu, 21 Oct 2010 08:34:07 +0200 openjdk-6 (6b20-1.10~pre2-0ubuntu1) natty; urgency=low * Update from the IcedTea6 trunk (20101020). * Remove the plugin and javaws from the packaging, removed upstream. -- Matthias Klose Wed, 20 Oct 2010 17:45:09 +0200 openjdk-6 (6b20-1.10~pre1-0ubuntu2) natty; urgency=low * Build with hotspot 19. -- Matthias Klose Thu, 14 Oct 2010 11:28:38 +0200 openjdk-6 (6b20-1.10~pre1-0ubuntu1) natty; urgency=low * Snapshot, taken from the IcedTea6 trunk (20101013). -- Matthias Klose Wed, 13 Oct 2010 08:36:44 +0200 openjdk-6 (6b20-1.9.2-1) experimental; urgency=low * Upload to experimental. -- Matthias Klose Wed, 24 Nov 2010 05:29:43 +0100 openjdk-6 (6b20-1.9.2-0ubuntu1) maverick-security; urgency=low * IcedTea6 1.9.2 release. - CVE-2010-3860: Fix IcedTea System property information leak via public static. * Build using Hotspot hs19. * Start metacity using dbus-launch, when running the testsuite. LP: #632594. -- Matthias Klose Sun, 21 Nov 2010 18:30:39 +0100 openjdk-6 (6b20-1.9.1-1ubuntu3) maverick-security; urgency=low * Move all japanese man pages belonging to the jre into the -jre package. Closes: #600765. * Add -jdk replaces for -jre and -jre-headless. Closes: #600809. -- Matthias Klose Wed, 20 Oct 2010 12:51:34 +0200 openjdk-6 (6b20-1.9.1-1ubuntu1) maverick-security; urgency=low * Fix upgrade to symlinked timezone data. Closes: #600359. * Move all japanese man pages belonging to the jre into the -jre package. Closes: #600765. -- Matthias Klose Mon, 18 Oct 2010 16:07:48 +0200 openjdk-6 (6b20-1.9.1-1) experimental; urgency=low * Upload to experimental. -- Matthias Klose Tue, 12 Oct 2010 15:07:35 +0200 openjdk-6 (6b20-1.9.1-0ubuntu1) maverick-security; urgency=low * IcedTea6 1.9.1 release. - Security updates: - S6914943, CVE-2009-3555: TLS: MITM attacks via session renegotiation. - S6559775, CVE-2010-3568: OpenJDK Deserialization Race condition. - S6891766, CVE-2010-3554: OpenJDK corba reflection vulnerabilities. - S6925710, CVE-2010-3562: OpenJDK IndexColorModel double-free. - S6938813, CVE-2010-3557: OpenJDK Swing mutable static. - S6957564, CVE-2010-3548: OpenJDK DNS server IP address information leak. - S6958060, CVE-2010-3564: OpenJDK kerberos vulnerability. - S6963023, CVE-2010-3565: OpenJDK JPEG writeImage remote code execution. - S6963489, CVE-2010-3566: OpenJDK ICC Profile remote code execution. - S6966692, CVE-2010-3569: OpenJDK Serialization inconsistencies. - S6622002, CVE-2010-3553: UIDefault.ProxyLazyValue has unsafe reflection usage. - S6623943: javax.swing.TimerQueue's thread occasionally fails to start. - S6925672, CVE-2010-3561: Privileged ServerSocket.accept allows receiving connections from any host. - S6952017, CVE-2010-3549: HttpURLConnection chunked encoding issue (Http request splitting). - S6952603, CVE-2010-3551: NetworkInterface reveals local network address to untrusted code. - S6961084, CVE-2010-3541: limit setting of some request headers in HttpURLConnection. - S6963285, CVE-2010-3567: Crash in ICU Opentype layout engine due to mismatch in character counts. - S6980004, CVE-2010-3573: limit HTTP request cookie headers in HttpURLConnection. - S6981426, CVE-2010-3574: limit use of TRACE method in HttpURLConnection. - Plugin fixes. - Backports from newer IcedTea releases. -- Matthias Klose Tue, 12 Oct 2010 12:13:40 +0200 openjdk-6 (6b20-1.9-1) experimental; urgency=low * Upload to experimental. -- Matthias Klose Tue, 07 Sep 2010 21:19:21 +0200 openjdk-6 (6b20-1.9-0ubuntu1) maverick; urgency=low * IcedTea6 1.9 release. -- Matthias Klose Tue, 07 Sep 2010 18:13:20 +0200 openjdk-6 (6b20~pre2-0ubuntu2) maverick; urgency=low * Update from the IcedTea6 trunk. * Really let the build fail on armel. -- Matthias Klose Fri, 30 Jul 2010 16:55:38 +0200 openjdk-6 (6b20~pre2-0ubuntu1) maverick; urgency=high * Update from the IcedTea6 trunk. - (CVE-2010-2783): IcedTea 'Extended JNLP Services' arbitrary file access. - (CVE-2010-2548): IcedTea incomplete property access check for unsigned applications * openjdk-6-jre: Recommend ttf-dejavu-extra. LP: #569396. * Explicitely fail the build on armel. The ARM assembler interpreter is disabled and would a 3-5x performance regression compared to the current 6b18 armel binaries in the archive. -- Matthias Klose Thu, 29 Jul 2010 00:10:53 +0200 openjdk-6 (6b20~pre1-2) experimental; urgency=low * Upload to experimental. -- Matthias Klose Thu, 15 Jul 2010 13:55:02 +0200 openjdk-6 (6b20~pre1-1ubuntu1) maverick; urgency=low * Include docs in the -doc package. LP: #600834. * Update from the IcedTea6 trunk. - Plugin and netx fixes. - Don't link the plugin against the libxul libraries. Closes: #576361. - More plugin cpu usage fixes. Closes: #584335, #587049. - Plugin: fixes AppletContext.getApplets(). * Fix Vcs-Bzr location. Closes: #530883. * Search for unversioned llvm-config tool. * Don't set XFILESEARCHPATH and NLSPATH on startup. LP: #586641. * Fix chinese font metrics and prefer using 'WenQuanYi Micro Hei' font. LP: #472845. * Strip libjvm.so with --strip-debug instead of --strip-unneeded. LP: #574997. -- Matthias Klose Thu, 15 Jul 2010 12:40:10 +0200 openjdk-6 (6b20~pre1-1) experimental; urgency=low * Upload to experimental. -- Matthias Klose Mon, 28 Jun 2010 00:50:58 +0200 openjdk-6 (6b20~pre1-0ubuntu2) maverick; urgency=low * Shark & CACAO build fixes. -- Matthias Klose Fri, 25 Jun 2010 02:27:10 +0200 openjdk-6 (6b20~pre1-0ubuntu1) maverick; urgency=low * Update to 6b20 code drop. -- Matthias Klose Wed, 14 Apr 2010 02:53:37 +0200 openjdk-6 (6b18-1.8-4) unstable; urgency=low * Update from the 1.8 branch. - Plugin and netx fixes. - Don't link the plugin against the libxul libraries. Closes: #576361. - More plugin cpu usage fixes. Closes: #584335, #587049. - Plugin: fixes AppletContext.getApplets(). - Fix race conditions in plugin initialization code that were causing hangs when loading multiple applets in parallel. * Fix Vcs-Bzr location. Closes: #530883. * Search for unversioned llvm-config tool. * Don't set XFILESEARCHPATH and NLSPATH on startup. LP: #586641. * Fix chinese font metrics and prefer using 'WenQuanYi Micro Hei' font. LP: #472845. * Strip libjvm.so with --strip-debug instead of --strip-unneeded. LP: #574997. * Don't turn on the ARM assembler interpreter when building the shark VM. -- Matthias Klose Thu, 15 Jul 2010 00:40:13 +0200 openjdk-6 (6b18-1.8-3) unstable; urgency=low * Update from the 1.8 branch. - Plugin fixes. LP: #597714. * Add powerpcspe build fixes (Sebastian Andrzej Siewior). Closes: #586359. * Work around build failure on buildds configured with low ARG_MAX (Giovanni Mascellani). Closes: #575254. -- Matthias Klose Sun, 27 Jun 2010 10:16:27 +0200 openjdk-6 (6b18-1.8-2ubuntu3) maverick; urgency=low * Update from the 1.8 branch. - Plugin fixes. LP: #597714. * Add powerpcspe build fixes (Sebastian Andrzej Siewior). Closes: #586359. * Work around build failure on buildds configured with low ARG_MAX (Giovanni Mascellani). Closes: #575254. -- Matthias Klose Sun, 27 Jun 2010 10:16:27 +0200 openjdk-6 (6b18-1.8-2ubuntu2) maverick; urgency=low * Search for unversioned llvm-config tool. -- Matthias Klose Sun, 02 May 2010 12:03:01 +0200 openjdk-6 (6b18-1.8-2ubuntu1) maverick; urgency=low * Upload to maverick. -- Matthias Klose Sun, 02 May 2010 11:23:16 +0200 openjdk-6 (6b18-1.8-2) unstable; urgency=low * Update from the 1.8 branch. - Fix build on Hitachi SH. Closes: #575346. - Shark and Zero fixes. * Build shark using llvm-2.7. * Don't use shark to run the test harness when testing the shark build. * README.Debian: Add paragraph about debugging the IcedTea NPPlugin. -- Matthias Klose Sat, 01 May 2010 12:35:19 +0200 openjdk-6 (6b18-1.8-1) unstable; urgency=low * Upload to unstable. -- Matthias Klose Wed, 14 Apr 2010 02:53:37 +0200 openjdk-6 (6b18-1.8-0ubuntu1) lucid; urgency=low * Update IcedTea6 to the icedtea6-1.8 release. * Fix builds on Ubuntu/dapper and Debian/lenny. * On hppa, configure --without-rhino --disable-plugin. * Fix Hitachi SH configury. Closes: #575346. * Start a window manager when running the tests. Prefer metacity, as more tests pass with it. * Let XToolkit.isTraySupported() return true, if Compiz is running. Works around sun#6438179. LP: #300948. * Make /jre/lib/security/nss.cfg a config file. * Fail in the configuration of the packages, if /proc is not mounted. java currently uses tricks to find its own shared libraries depending on the path of the binary. Will be changed in OpenJDK7. Closes: #576453. * Fix PR icedtea/469, testsuite failures with the NSS based security provider. LP: #556549. * Do not pass LD_LIBRARY_PATH from the plugin to the java process. While libnss3.so gets loaded from /usr/lib, the dependent libraries are loaded from MOZILLA_FIVE_HOME (See #561216 for the wrong firefox config). LP: #561124. Closes as well: LP: #551328, #554909, #560829, #549010, #553452. * Always build shark with hs14. -- Matthias Klose Wed, 14 Apr 2010 01:53:33 +0200 openjdk-6 (6b18~pre4-1ubuntu1) lucid; urgency=low * Build-depend on xulrunner-1.9.2-dev instead of xulrunner-dev, unexpectedly demoted to universe. * icedtea6-plugin: Hardcode dependency on xulrunner-1.9.2. No way to do better? See #552780. * Fix builds on Ubuntu hardy. -- Matthias Klose Wed, 31 Mar 2010 22:21:49 +0200 openjdk-6 (6b18~pre4-1) unstable; urgency=high * Upload to unstable. -- Matthias Klose Wed, 31 Mar 2010 16:35:18 +0200 openjdk-6 (6b18~pre4-0ubuntu2) lucid; urgency=low * Fix typo in NPPlugin code. LP: #552287. -- Matthias Klose Wed, 31 Mar 2010 10:41:11 +0200 openjdk-6 (6b18~pre4-0ubuntu1) lucid; urgency=low [ Matthias Klose ] * Update IcedTea6 form the 1.8 branch. * SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes: - (CVE-2010-0837): JAR "unpack200" must verify input parameters (6902299). - (CVE-2010-0845): No ClassCastException for HashAttributeSet constructors if run with -Xcomp (6894807). - (CVE-2010-0838): CMM readMabCurveData Buffer Overflow Vulnerability (6899653). - (CVE-2010-0082): Loader-constraint table allows arrays instead of only the base-classes (6626217). - (CVE-2010-0095): Subclasses of InetAddress may incorrectly interpret network addresses (6893954) [ZDI-CAN-603]. - (CVE-2010-0085): File TOCTOU deserialization vulnerability (6736390). - (CVE-2010-0091): Unsigned applet can retrieve the dragged information before drop action occurs (6887703). - (CVE-2010-0088): Inflater/Deflater clone issues (6745393). - (CVE-2010-0084): Policy/PolicyFile leak dynamic ProtectionDomains (6633872). - (CVE-2010-0092): AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (6888149). - (CVE-2010-0094): Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947) [ZDI-CAN-588]. - (CVE-2010-0093): System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (6892265). - (CVE-2010-0840): Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691). - (CVE-2010-0848): AWT Library Invalid Index Vulnerability (6914823). - (CVE-2010-0847): ImagingLib arbitrary code execution vulnerability (6914866). - (CVE-2009-3555): TLS: MITM attacks via session renegotiation. - 6639665: ThreadGroup finalizer allows creation of false root ThreadGroups. - 6898622: ObjectIdentifer.equals is not capable of detecting incorrectly. encoded CommonName OIDs. - 6910590: Application can modify command array in ProcessBuilder. - 6909597: JPEGImageReader stepX Integer Overflow Vulnerability. - 6932480: Crash in CompilerThread/Parser. Unloaded array klass? - 6898739: TLS renegotiation issue. [ Torsten Werner ] * Switch off IPV6_V6ONLY for IN6_IS_ADDR_UNSPECIFIED addresses, too. (Closes: #575163) -- Matthias Klose Wed, 31 Mar 2010 02:34:04 +0200 openjdk-6 (6b18~pre3-1) unstable; urgency=low [ Matthias Klose ] * Update IcedTea build infrastructure (20100321). * Update support for SH4 (Nobuhiro Iwamatsu). * Handle renaming of the plugin name. [ Torsten Werner ] * Improve patch for IPv4 mapped IPv6 addresses even more. (Closes: #573742) -- Matthias Klose Sun, 21 Mar 2010 22:52:12 +0100 openjdk-6 (6b18~pre2-1ubuntu2) lucid; urgency=low * Fix build failure on ARM. -- Matthias Klose Fri, 12 Mar 2010 15:19:13 +0100 openjdk-6 (6b18~pre2-1ubuntu1) lucid; urgency=low * Upload to lucid. -- Matthias Klose Wed, 10 Mar 2010 23:34:57 +0100 openjdk-6 (6b18~pre2-1) unstable; urgency=low * Update IcedTea build infrastructure (20100310). * Disable building the plugin the plugin on alpha (borked xulrunner packaging using binary indep packages). * Use a two stage build on alpha. * Add note about the reparenting WM workaround. Closes: #573026. * Prefer Sazanami instead of Kochi for Japanese fonts (Hideki Yamane). Closes: #572511. * openjdk-6-doc: Don't compress package-list files. Closes: #567899. -- Matthias Klose Wed, 10 Mar 2010 11:19:19 +0100 openjdk-6 (6b18~pre1-4) unstable; urgency=low * Improve patch for IPv4 mapped IPv6 addresses. -- Torsten Werner Sun, 07 Mar 2010 01:14:36 +0100 openjdk-6 (6b18~pre1-3) unstable; urgency=low * Add a patch for improved handling of IPv4 mapped IPv6 addresses. (Closes: #560056, #561930, #563699, #563946) -- Torsten Werner Tue, 02 Mar 2010 23:46:57 +0100 openjdk-6 (6b18~pre1-2) unstable; urgency=low * Change Build-Depends: ant1.7-optional because of a bus error in gij. -- Torsten Werner Mon, 01 Mar 2010 07:17:16 +0100 openjdk-6 (6b18~pre1-1ubuntu1) lucid; urgency=low * Ignore error code running ant -diagnostics. * Build-depend on ant-optional. * Disable the cacao build on armel, fails to build with the non bootstrap build. -- Matthias Klose Sat, 20 Feb 2010 15:36:06 +0100 openjdk-6 (6b18~pre1-1) unstable; urgency=low * Upload to unstable. -- Matthias Klose Fri, 19 Feb 2010 21:52:32 +0100 openjdk-6 (6b18~pre1-0ubuntu1) lucid; urgency=low * New Openjdk6 b18 source code drop. * Use mangled copy of rhino. Closes: #512970. LP: #255149. -- Matthias Klose Fri, 19 Feb 2010 18:17:23 +0100 openjdk-6 (6b17-1.7-1ubuntu1) lucid; urgency=low * ARM Thumb2 updates. * Test build using Hotspt hs14 on ix86. -- Matthias Klose Sun, 31 Jan 2010 21:56:59 +0100 openjdk-6 (6b18~pre1-1) unstable; urgency=low * Upload to unstable. -- Matthias Klose Fri, 19 Feb 2010 21:52:32 +0100 openjdk-6 (6b18~pre1-0ubuntu1) lucid; urgency=low * New Openjdk6 b18 source code drop. * Use mangled copy of rhino. Closes: #512970. LP: #255149. -- Matthias Klose Fri, 19 Feb 2010 18:17:23 +0100 openjdk-6 (6b17-1.7-1ubuntu1) lucid; urgency=low * ARM Thumb2 updates. * Test build using Hotspt hs14 on ix86. -- Matthias Klose Sun, 31 Jan 2010 21:56:59 +0100 openjdk-6 (6b17-1.7-1) unstable; urgency=low * Upload to unstable. -- Matthias Klose Wed, 27 Jan 2010 23:44:47 +0100 openjdk-6 (6b17-1.7-0ubuntu1) lucid; urgency=low * IcedTea6 1.7 release. * Don't try to load libjpeg7; still building with libjpeg62. Closes: #563999. * Run the testsuite on sh4. * Ubuntu only: Implement an execute bit checker for the Non-Exec Policy - debian/JB-java.desktop.in: update mime handler to use new launcher. * armel: Apply the thumb2 patches from the trunk, plus proposed patches for the trunk. -- Matthias Klose Wed, 27 Jan 2010 22:48:24 +0100 openjdk-6 (6b17-0ubuntu1) lucid; urgency=low * Build from the IcedTea6-1.7 branch. * Don't build the plugin on sparc64. * Enable the NPPlugin. * Add support for SH4 (Nobuhiro Iwamatsu). * Fix crash in the ARM assembler interpreter (Edward Nevill). -- Matthias Klose Wed, 06 Jan 2010 15:52:50 +0100 openjdk-6 (6b17~pre3-1ubuntu2) lucid; urgency=low * Update IcedTea build infrastructure (20091224). * Explicitely build-depend on x11-xkb-utils (xkbcomp is needed by xvfb-run). -- Matthias Klose Thu, 24 Dec 2009 12:43:00 +0100 openjdk-6 (6b17~pre3-1ubuntu1) lucid; urgency=low * Upload to lucid. -- Matthias Klose Fri, 18 Dec 2009 10:40:05 +0100 openjdk-6 (6b17~pre3-1) unstable; urgency=low * Update IcedTea build infrastructure (20091218). * Install docs into the openjdk-6-jre-headless directory instead of openjdk-6-jre. -- Matthias Klose Fri, 18 Dec 2009 10:00:08 +0100 openjdk-6 (6b17~pre2-1ubuntu1) lucid; urgency=low * Update IcedTea build infrastructure (20091215). * Fix cacao build on armel with current optimization defaults. -- Matthias Klose Tue, 15 Dec 2009 16:41:12 +0100 openjdk-6 (6b17~pre2-1) unstable; urgency=low * Upload to unstable. -- Matthias Klose Mon, 09 Nov 2009 21:50:52 +0100 openjdk-6 (6b17~pre2-0ubuntu3) lucid; urgency=low * Security updates: - (CVE-2009-3728) ICC_Profile file existence detection information leak (6631533). - (CVE-2009-3885) BMP parsing DoS with UNC ICC links (6632445). - (CVE-2009-3881) resurrected classloaders can still have children (6636650). - (CVE-2009-3882) Numerous static security flaws in Swing (findbugs) (6657026). - (CVE-2009-3883) Mutable statics in Windows PL&F (findbugs) (6657138). - (CVE-2009-3880) UI logging information leakage (6664512). - (CVE-2009-3879) GraphicsConfiguration information leak (6822057). - (CVE-2009-3884) zoneinfo file existence information leak (6824265). - (CVE-2009-2409) deprecate MD2 in SSL cert validation (Kaminsky) (6861062). - (CVE-2009-3873) JPEG Image Writer quantization problem (6862968). - (CVE-2009-3875) MessageDigest.isEqual introduces timing attack vulnerabilities (6863503). - (CVE-2009-3876, CVE-2009-3877) OpenJDK ASN.1/DER input stream parser denial of service (6864911). - (CVE-2009-3869) JRE AWT setDifflCM stack overflow (6872357). - (CVE-2009-3874) ImageI/O JPEG heap overflow (6874643. - (CVE-2009-3871) JRE AWT setBytePixels heap overflow (6872358). * Update IcedTea build infrastructure (20091109). * Use hs16 on armel. -- Matthias Klose Mon, 09 Nov 2009 17:48:43 +0100 openjdk-6 (6b17~pre2-0ubuntu2) lucid; urgency=low * Don't use hs16 on armel and sparc. -- Matthias Klose Mon, 02 Nov 2009 15:33:00 +0100 openjdk-6 (6b17~pre2-0ubuntu1) lucid; urgency=low * New code drop (b17). * Bump hotspot to hs16. * Update IcedTea build infrastructure (20091031). * Set priority of default -jre and -jdk packages to optional. * Fix binary-all to binary-any dependencies. Closes: #550680. -- Matthias Klose Sat, 31 Oct 2009 19:30:54 +0100 openjdk-6 (6b16-1.6.1-2) unstable; urgency=medium * Build-depend on xulrunner-dev (>= 1.9.1.3-3). -- Matthias Klose Sun, 11 Oct 2009 21:34:48 +0200 openjdk-6 (6b16-1.6.1-1ubuntu3) karmic; urgency=low [Matthias Klose] * On armel and powerpc, build an additional VM using shark in the openjdk-6-jre-zero package (java -shark ). Requires llvm-2.6. * Hide the desktop menu entry for WebStart. LP: #222180. * Don't provide java-virtual-machine anymore. [Edward Nevill] * Avoid stack overflows in the arm interpreter. -- Matthias Klose Thu, 08 Oct 2009 12:41:46 +0200 openjdk-6 (6b16-1.6.1-1ubuntu2) karmic; urgency=low * Support PKCS11 cryptography via NSS, now allowing import of all certificates from ca-certificates. * Remove Michael Koch from uploaders, request by himself. * Add the doc dir symlink for openjdk-6-jre-zero when the package is built with shark support. -- Matthias Klose Mon, 28 Sep 2009 21:55:08 +0200 openjdk-6 (6b16-1.6.1-1ubuntu1) karmic; urgency=low * Fix dependency on the java bridge packages. * debian/rules: Conditionalize stuff so that the recent release is never mentioned. * Remove obsolete patches in debian/patches. * Rebuild on armel to fix up libffi for the soft float abi. * For jaunty builds, fix IcedTeaPlugin failure to start with xulrunner 1.9.1 (LP: #359407). - debian/patches/icedtea-plugin-use-runtime-nsIProcess-IID.diff: Add. - debian/rules: Apply it for jaunty builds. * Use pulseaudio as default serviceprovider for javax.sound.midi.MidiSystem and javax.sound.sampled.AudioSystem. LP: #407299. -- Matthias Klose Sat, 26 Sep 2009 16:01:48 +0200 openjdk-6 (6b16-1.6.1-1) unstable; urgency=low * Upload to Debian unstable. -- Matthias Klose Tue, 15 Sep 2009 02:17:03 +0200 openjdk-6 (6b16-1.6.1-0ubuntu1) karmic; urgency=low * Update IcedTea6 to the 1.6.1 release. * Work around GCC PR target/41327, build the JDK on s390 with -O2. -- Matthias Klose Thu, 10 Sep 2009 01:55:08 +0200 openjdk-6 (6b16-1.6-1) unstable; urgency=low * Update IcedTea6 to the 1.6 release. * Fix GCC build dependencies. -- Matthias Klose Wed, 09 Sep 2009 22:18:38 +0200 openjdk-6 (6b16-1.6~pre2-1) unstable; urgency=low * Upload to unstable. -- Matthias Klose Fri, 28 Aug 2009 19:04:31 +0200 openjdk-6 (6b16-1.6~pre2-0ubuntu1) karmic; urgency=low * Update IcedTea from the 1.6 release branch: - Fix buffer overflow in debugger's socket handler (Kees Cook). https://bugs.openjdk.java.net/show_bug.cgi?id=100103. LP: #409736. - plugin fixes. * Move the pulseaudio recommendation to a suggestion, don't build-depend on pulseaudio. Closes: #539394. LP: #361408. * Build for armv6 (on armel). [ Kees Cook ] * debian/rules: Re-enable fortification and stack protector (LP: #330713). * Adding stack markings to the x86 assembly for not using executable stack. LP: #419018. -- Matthias Klose Fri, 28 Aug 2009 18:51:34 +0200 openjdk-6 (6b16-1.6~pre1-0ubuntu1) karmic; urgency=low * Test build (icedtea6-1.6 release branch). -- Matthias Klose Fri, 21 Aug 2009 19:44:42 +0200 openjdk-6 (6b16~pre5-0ubuntu2) karmic; urgency=low * Add explicit build dependency on libgtk2.0-dev. -- Matthias Klose Thu, 06 Aug 2009 11:39:14 +0200 openjdk-6 (6b16~pre5-0ubuntu1) karmic; urgency=low * Bump hotspot to hs14b16. * Update IcedTea build infrastructure (20090805). * patches/java-access-bridge-security.patch: Update. * Build-depend on xulrunner-dev instead of xulrunner-1.9-dev on karmic. * Don't recommend the jck fonts anymore, just suggest them; the appropriate fonts are installed as dependencies of the language packs. -- Matthias Klose Thu, 06 Aug 2009 10:27:09 +0200 openjdk-6 (6b16~pre4-0ubuntu7) karmic; urgency=low * Build using GCC-4.4 on sparc as well, require 4.4.1. -- Matthias Klose Thu, 23 Jul 2009 18:23:14 +0200 openjdk-6 (6b16~pre4-0ubuntu6) karmic; urgency=low * Fix build failure building the zero VM. -- Matthias Klose Thu, 16 Jul 2009 09:49:36 -0400 openjdk-6 (6b16~pre4-0ubuntu5) karmic; urgency=low [Matthias Klose] * Update IcedTea build infrastructure (20090715). * Tighten build dependency on llvm-dev. [Edward Nevill] * Add armv4 compatibility. -- Matthias Klose Wed, 15 Jul 2009 15:40:44 -0400 openjdk-6 (6b16~pre4-0ubuntu4) karmic; urgency=low [Edward Nevill] * Added Bytecode Interpreter Generator. * Added ARM templates for above. * Removed old optimised ARM assebler. * Added -g0 because of problems with ld linking -g. * Changed alignment to 64 now that as bug is fixed. [Matthias Klose] * Update IcedTea build infrastructure (20090710). * Let the -jre package depend on the access-bridge package, not the -jre-headless package. LP: #395074. * Suggested by Ed Nevill: - Pass -timeout:3 when running the jtreg testsuite on zero architectures. - Pass -Xmx256M -vmoption:-Xmx256M on armel for the jtreg testsuite run. * Tighten build dependency on llvm-dev. -- Matthias Klose Fri, 03 Jul 2009 18:32:50 +0200 openjdk-6 (6b16~pre4-0ubuntu3) karmic; urgency=low * Update zero-port-opt patch on armel. -- Matthias Klose Wed, 24 Jun 2009 10:48:48 +0200 openjdk-6 (6b16~pre4-0ubuntu2) karmic; urgency=low * Update IcedTea build infrastructure (20090623). * Reapply the zero-port-opt patch on armel. * Do not use the IPA Mona font family by default. Closes: #521233. * Build cacao with -fno-strict-aliasing. -- Matthias Klose Tue, 23 Jun 2009 16:23:38 +0200 openjdk-6 (6b16-4) unstable; urgency=medium * Build the zero binary package when building with shark. * Build-depend on cpio. Closes: #532963. -- Matthias Klose Tue, 16 Jun 2009 07:52:19 +0200 openjdk-6 (6b16-3) unstable; urgency=low * Update IcedTea build infrastructure (20090612). * Install the libaccess-bridge-java* symlinks again. * Build zero on ix86 architectures with JIT support (shark). To use the zero build without shark, use the `-Xint' option to operate in interpreted-only mode. -- Matthias Klose Fri, 12 Jun 2009 17:31:34 +0200 openjdk-6 (6b16-2) unstable; urgency=low * Don't install libaccess-bridge-java* symlinks until libaccess-bridge-java-jni is available on all architectures. * Add missing build dependency on cacao-source. -- Matthias Klose Mon, 18 May 2009 14:02:59 +0200 openjdk-6 (6b16-1) unstable; urgency=low * Upload to unstable, based in 6b16 and IcedTea 1.5. -- Matthias Klose Sun, 17 May 2009 23:02:46 +0200 openjdk-6 (6b16~pre3-0ubuntu1) karmic; urgency=low * Update to hotspot hs14b15. * Provide symlink for libjava-access-bridge-jni.so. LP: #375347. -- Matthias Klose Fri, 15 May 2009 00:41:24 +0200 openjdk-6 (6b16~pre2-0ubuntu3) karmic; urgency=low * Update IcedTea build infrastructure (20090513). * Fix build failure when xvfb-run doesn't work, trying to access a non-existing directory. -- Matthias Klose Wed, 13 May 2009 23:01:23 +0200 openjdk-6 (6b16~pre2-0ubuntu2) karmic; urgency=low * Add libffi-dev as architecture independent build dependency. -- Matthias Klose Mon, 11 May 2009 08:41:42 +0200 openjdk-6 (6b16~pre2-0ubuntu1) karmic; urgency=low * Update to re-tagged code drop (b16). * Update IcedTea build infrastructure (20090510). * Remove patches integrated in IcedTea. * Remove GCJ Web Plugin support. * Remove build infrastructure to build additional VM's, integrated in IcedTea. * Stop building the openjdk-6-source-files package. * README.Debian: Document using the different VM's. * Use GCC-4.3 on sparc, ICE with GCC-4.4. * Fix problem with the ARM assembler interpreter, when executing a 'new' bytecode with a double on the top of the stack (Edward Nevill). * Run the testsuite for the zero build on ix86 architectures. -- Matthias Klose Sun, 10 May 2009 23:37:42 +0200 openjdk-6 (6b16~pre1-0ubuntu1) karmic; urgency=low * New code drop (b16). * Update IcedTea build infrastructure (20090429). * Merge changes from 6b14-1.4.1. * Fix section names (using the java section). * Remove all UTF-8 sequence definitions from the font configuration. -- Matthias Klose Wed, 29 Apr 2009 11:33:07 +0200 openjdk-6 (6b14-1.4.1-0ubuntu9) jaunty; urgency=low * Reenable the testsuite (revert the change in last upload). * Apply fix for the ARM bytecode interpreter (Edward Nevill). -- Matthias Klose Sat, 18 Apr 2009 11:24:27 +0200 openjdk-6 (6b14-1.4.1-0ubuntu7) jaunty; urgency=low * Don't use some indian fonts with diverging font metrics for the latin-1.UTF-8 encoding. LP: #289784. * Disable running the testsuite for this build (no code changes compared to the previous upload). -- Matthias Klose Tue, 14 Apr 2009 11:46:25 +0200 openjdk-6 (6b14-1.4.1-0ubuntu6) jaunty; urgency=low * Fix native2ascii jdk test case, which let the jdk testsuite fail. -- Matthias Klose Fri, 10 Apr 2009 11:58:44 +0200 openjdk-6 (6b14-1.4.1-0ubuntu5) jaunty; urgency=low [Matthias Klose] * Update to the final CACAO 0.99.4 release. * Security Vulnerability Fixes for OpenJDK: - 6522586: Enforce limits on Font creation. - 6536193: flaw in UTF8XmlOutput. - 6610888: Potential use of cleared of incorrect acc in JMX Monitor. - 6610896: JMX Monitor handles thread groups incorrectly. - 6630639: lightweight HttpServer leaks file descriptors on no-data connections. - 6632886: Font.createFont can be persuaded to leak temporary files. - 6636360: compiler/6595044/Main.java test fails with 64bit java on solaris-sparcv9 with SIGSEGV. - 6652463: MediaSize constructors allow to redefine the mapping of standard MediaSizeName values. - 6652929: Font.createFont(int,File) trusts File.getPath. - 6656633: getNotificationInfo methods static mutable (findbugs). - 6658158: Mutable statics in SAAJ (findbugs). - 6658163: txw2.DatatypeWriter.BUILDIN is a mutable static (findbugs). - 6691246: Thread context class loader can be set using JMX remote ClientNotifForwarded. - 6717680: LdapCtx does not close the connection if initialization fails. - 6721651: Security problem with out-of-the-box management. - 6737315: LDAP serialized data vulnerability. - 6792554: Java JAR Pack200 header checks are insufficent. - 6804996: JWS PNG Decoding Integer Overflow [V-flrhat2ln8]. - 6804997: JWS GIF Decoding Heap Corruption [V-r687oxuocp]. - 6804998: JRE GIF Decoding Heap Corruption [V-y6g5jlm8e1]. * Add security patch for the lcms library. * Add accessibility patches java-access-bridge-security.patch and accessible-toolkit.patch. * Merge fixes for testsuite failures from the IcedTea6 branch. * Merge the proxy support for the plugin from the IcedTea6 branch. * Merge http://icedtea.classpath.org/hg/release/icedtea6-1.4.1/rev/546ef0cdee06 (TJ). LP: #344705. * Add a Xb-Npp-Description for the IcedTea plugin. LP: #272010. [Edward Nevill] * Put VFP back in - selects VFP / novfp autmatically * More assembler optimisations -- Matthias Klose Thu, 09 Apr 2009 14:14:12 +0200 openjdk-6 (6b14-1.4.1-0ubuntu4) jaunty; urgency=low * Disable the additional zero JVM on sparc. * patches/hotspot/default/icedtea-includedb.patch: Add missing include in openjdk/hotspot/src/share/vm/includeDB_core. * Fix build failure of the zero VM on lpia with a fixed GCC. -- Matthias Klose Fri, 13 Mar 2009 16:39:27 +0100 openjdk-6 (6b14-1.4.1-0ubuntu3) jaunty; urgency=low * Build the Zero/Shark VM as an additional JVM (call as `java -zero'). -- Matthias Klose Sat, 07 Mar 2009 20:54:28 +0100 openjdk-6 (6b14-1.4.1-0ubuntu2) jaunty; urgency=low * Fix zero-port-opt patching (build failure on armel). -- Matthias Klose Thu, 05 Mar 2009 18:19:18 +0100 openjdk-6 (6b14-1.4.1-0ubuntu1) jaunty; urgency=low * Update IcedTea to the 1.4.1 release. * Build the Cacao VM as an additional JVM (call as `java -cacao'). * Build in separate build directory. -- Matthias Klose Thu, 05 Mar 2009 15:16:02 +0100 openjdk-6 (6b14-1.5~pre1-5) unstable; urgency=low * Fix build failure on armel. * Require the final cacao-0.99.4 release. * Add /usr/lib/jni to the library path. Closes: #517338. -- Matthias Klose Tue, 17 Mar 2009 09:37:20 +0100 openjdk-6 (6b14-1.5~pre1-4) unstable; urgency=low * Disable the additional zero JVM on sparc. * Fix casts in hotspot on s390. Closes: #518823. * Add special flags for javac on s390 to work around a VM problem with bad code generation during inlining. * Run the testsuites for the default VM on all architectures. * Update IcedTea (20090314). -- Matthias Klose Sat, 14 Mar 2009 18:29:49 +0100 openjdk-6 (6b14-1.5~pre1-3) unstable; urgency=low * Don't configure the additional zero JVM with --enable-shark, currently fails to build. * Don't build the JDK when building the additional zero JVM. -- Matthias Klose Sat, 07 Mar 2009 21:11:16 +0100 openjdk-6 (6b14-1.5~pre1-2) experimental; urgency=low * Build the Zero/Shark VM as an additional JVM (call as `java -zero'). -- Matthias Klose Fri, 06 Mar 2009 11:16:07 +0100 openjdk-6 (6b14-1.5~pre1-0ubuntu1) jaunty; urgency=low * Update hotspot to 14.0-b10. * Update IcedTea (20090305). * Build the Cacao VM as an additional JVM (call as `java -cacao'). * Build in separate build directory. -- Matthias Klose Thu, 05 Mar 2009 15:16:02 +0100 openjdk-6 (6b14-0ubuntu17) jaunty; urgency=low [ Edward Nevill ] * Remove VFP from asm loop * Disble the mauve testsuite for armel. [Matthias Klose] * Update IcedTea (20090302). -- Matthias Klose Mon, 02 Mar 2009 16:18:01 +0100 openjdk-6 (6b14-0ubuntu16) jaunty; urgency=low * Regenerate auto files. -- Matthias Klose Wed, 18 Feb 2009 15:20:10 +0100 openjdk-6 (6b14-0ubuntu15) jaunty; urgency=low [ Edward Nevill ] * Added ARM assembler interpreter loop * mauve and jtreg removed again for alpha release [Matthias Klose] * Update IcedTea (20090218). -- Matthias Klose Wed, 18 Feb 2009 13:35:02 +0100 openjdk-6 (6b14-0ubuntu14) jaunty; urgency=low * Configure with --disable-nio2 on armel as well. -- Matthias Klose Fri, 13 Feb 2009 10:13:55 +0100 openjdk-6 (6b14-0ubuntu13) jaunty; urgency=low * Really configure with --disable-nio2. -- Matthias Klose Thu, 12 Feb 2009 17:26:43 +0100 openjdk-6 (6b14-0ubuntu12) jaunty; urgency=low * Configure with --disable-nio2. * Run mauve and jtreg testsuites on armel. -- Matthias Klose Wed, 11 Feb 2009 13:00:15 +0100 openjdk-6 (6b14-0ubuntu11) jaunty; urgency=low [Edward Nevill] * Performance improvements for the zero build (currently applied on armel only). [Matthias Klose] * Update IcedTea (20090210). -- Matthias Klose Tue, 10 Feb 2009 15:29:22 +0100 openjdk-6 (6b14-0ubuntu10) jaunty; urgency=low * Explicitely remove PulseAudioMuteControl.java. -- Matthias Klose Mon, 26 Jan 2009 22:09:21 +0100 openjdk-6 (6b14-0ubuntu9.1) jaunty; urgency=low * Test build. -- Matthias Klose Sun, 25 Jan 2009 17:03:51 +0100 openjdk-6 (6b14-0ubuntu9) jaunty; urgency=low * Update IcedTea build infrastructure (20090125). * Run the jtreg testsuite for cacao builds, save all test logs. -- Matthias Klose Sun, 25 Jan 2009 15:40:52 +0100 openjdk-6 (6b14-0ubuntu8) jaunty; urgency=low * Fix merge error, don't apply patches twice. -- Matthias Klose Mon, 19 Jan 2009 01:15:19 +0100 openjdk-6 (6b14-0ubuntu7) jaunty; urgency=low * debian/rules: Call dh_desktop. LP: #309999. * Add dependency on libjpeg62 for the -headless package. LP: #318383. * Test some jtreg tests which fail in samevm mode in a separate VM. * Build all with -fno-stack-protector -U_FORTIFY_SOURCE. * Include jtr files of failed tests in the -jdk package. -- Matthias Klose Mon, 19 Jan 2009 00:23:22 +0100 openjdk-6 (6b14-0ubuntu6) jaunty; urgency=low * The -source package now contains all source files. Closes: #504568. * The 6b14 build fixes the following security related issues (sun bug number, CVE, description): - 6588160, CVE-2008-5348: jaas krb5 client leaks OS-level UDP sockets. - 6497740, CVE-2009-5349: Limit the size of RSA public keys. - 6484091, CVE-2008-5350: FileSystemView leaks directory info. - 4486841, CVE-2008-5351: UTF-8 decoder needed adhere to Unicode 3.0.1 fixes. - 6755943, CVE-2008-5352: JAR decompression should enforce stricter header checks. - 6734167, CVE-2008-5353: Calendar.readObject allows elevation of privileges. - 6733959, CVE-2008-5354: Insufficient checks for "Main-Class" manifest entry in JAR files - 6751322, CVE-2008-5356: Sun Java JRE TrueType Font Parsing Heap Overflow. - 6733336, CVE-2008-5357: Crash on malformed font. - 6766136, CVE-2008-5358: corrupted gif image may cause crash in java splashscreen library. - 6726779, CVE-2008-5359: ConvolveOp on USHORT raster can cause the JVM crash. - 6721753, CVE-2008-5360: File.createTempFile produces guessable file names. - 6592792: Add com.sun.xml.internal to the "package.access" property in $JAVA_HOME/lib/security/java.security. * Regenerate the control file. -- Matthias Klose Tue, 13 Jan 2009 15:04:36 +0100 openjdk-6 (6b14-0ubuntu2~ppa1) intrepid; urgency=low * Upload to the OpenJDK PPA for intrepid. -- Matthias Klose Tue, 13 Jan 2009 13:28:38 +0100 openjdk-6 (6b14-0ubuntu5) jaunty; urgency=low * Update IcedTea build infrastructure (20090113). * Rebuild with updated nss/nspr packages. * Update debug patches. * debian/patches/nonreparenting-wm.diff: If the _JAVA_AWT_WM_NONREPARENTING environment variable is set, disable all workarounds causing blank windows in non-reparentizing window managers (Bernhard R. Link). Closes: #508650. * Fix location of plugin for Debian. Closes: #505726. * Let the -jdk package provide java-compiler. Closes: #507641. -- Matthias Klose Tue, 13 Jan 2009 10:18:44 +0100 openjdk-6 (6b14-0ubuntu4) jaunty; urgency=low * Use a default jvm.cfg not only for java, but for all jdk tools. LP: #288616. * Update IcedTea build infrastructure (20081223). -- Matthias Klose Tue, 23 Dec 2008 09:24:23 +0100 openjdk-6 (6b14-0ubuntu3) jaunty; urgency=low * Update IcedTea build infrastructure (20081217). * Add support for PARISC. * Use a default jvm.cfg if the jvm.cfg doesn't yet exist after unpacking the runtime package. LP: #288616. -- Matthias Klose Wed, 17 Dec 2008 09:58:26 +0100 openjdk-6 (6b14~pre1-0ubuntu2) jaunty; urgency=low * Install hotspot tarball in -source-files package. * Fix build failure on sparc. -- Matthias Klose Fri, 05 Dec 2008 09:43:51 +0100 openjdk-6 (6b14~pre1-0ubuntu1) jaunty; urgency=low * New code drop (b14). * Update IcedTea build infrastructure (20081204). -- Matthias Klose Thu, 04 Dec 2008 11:40:56 +0100 openjdk-6 (6b13~pre2-0ubuntu2) jaunty; urgency=low * Update IcedTea build infrastructure (20081203). - Fix build failures on zero based architectures. * Add build dependency on libxrender-dev. * Don't use fastjar on ia64, working around a build failure. -- Matthias Klose Wed, 03 Dec 2008 18:43:23 +0100 openjdk-6 (6b13~pre2-0ubuntu1) jaunty; urgency=low * Update IcedTea build infrastructure (20081202). - Add Dec 3 OpenJDK security patches * Build with --with-hotspot-build, update patches for this config. -- Matthias Klose Wed, 03 Dec 2008 01:05:54 +0100 openjdk-6 (6b13~pre1-0ubuntu4) jaunty; urgency=low * Update IcedTea build infrastructure (20081122). - Fixes for the IcedTeaPlugin. LP: #300254. -- Matthias Klose Sat, 22 Nov 2008 10:42:10 +0100 openjdk-6 (6b13~pre1-0ubuntu3) jaunty; urgency=low * Fix versioned conflict on icedtea-gcjwebplugin. LP: #284299. * Update IcedTea build infrastructure (20081121). - Fixes for the IcedTeaPlugin. * Configure with pulseaudio in jaunty. -- Matthias Klose Fri, 21 Nov 2008 07:46:10 +0100 openjdk-6 (6b13~pre1-0ubuntu2) jaunty; urgency=low * Update IcedTea build infrastructure (20081117). * Use openjdk-6 as stage1 compiler on armel for a faster build. -- Matthias Klose Mon, 17 Nov 2008 18:43:17 +0100 openjdk-6 (6b13~pre1-0ubuntu1) jaunty; urgency=low * New code drop (b13). - In the langtools area, besides a few miscellaneous bug fixes (6760834, 6725036, 6657499), all the langtools regression tests now pass out of the box (6728697, 6707027) and if using the most recent version of jtreg, the langtools regression tests can be run in the much faster "same vm" mode of jtreg, enabled with the -s option (6749967, 6748541, 6748546, 6748601, 6759775, 6759795, 6759796, 6759996, 6760805, 6760930). - Gervill update, including applying a patch from IcedTea (6758986, 6748247, 6748251). - Publishing a few dozen additional existing regression tests as open source (6601457, 6759433, 6740185). - JMX and monitoring fixes (6651382, 6616825, 6756202, 6754672). - Man page updates (6757036, 6392810, 6504867, 6326773). - Assorted other fixes (6746055, 6621697, 6756569, 6356642, 6761678). * Update IcedTea build infrastructure (20081111). - Fix freeze in midi app, LP: #275672. - Fixes in the IcedTeaPlugin: LP: #282570, LP: #282570, LP: #285729, LP: #291377, LP: #37330, LP: #239533. - Fix vertical text metrics with freetype scaler. LP: #289784. * Build-depend on ecj-gcj instead of ecj on architectures using gij/gcj as the bootstrap system. * Fixed in 6b12: Stack overflow running Kea. LP: #244731. -- Matthias Klose Tue, 11 Nov 2008 12:39:16 +0100 openjdk-6 (6b12-1~exp1) experimental; urgency=low * Update IcedTea build infrastructure (20081025). -- Matthias Klose Sat, 25 Oct 2008 23:35:14 +0200 openjdk-6 (6b12-0ubuntu6) intrepid; urgency=low * Make the dependency on ca-certificates-java unversioned. * Merge from IcedTea: - plugin/icedtea/netscape/javascript/JSObject.java: Make long constructor public. -- Matthias Klose Fri, 24 Oct 2008 23:06:32 +0200 openjdk-6 (6b12-0ubuntu5) intrepid; urgency=low * Update IcedTea build infrastructure (20081024). - Add --pkgversion= configure option. - IcedTeaPlugin fixes. - Fix xjc regressions. * openjdk-jre-headless: Depend on ca-certificates-java. * Configure with --pkgversion= to encode the package version in the -version output and in vm dumps. * cacao: Handle VM options Xverify:all and Xverify:none. -- Matthias Klose Fri, 24 Oct 2008 13:39:29 +0200 openjdk-6 (6b12-0) experimental; urgency=low * Upload to experimental. * Pretend the availability of at least 384MB RAM; better swap on the buildds than failing the build. -- Matthias Klose Sun, 19 Oct 2008 11:15:28 +0200 openjdk-6 (6b12-0ubuntu4) intrepid; urgency=low * Update IcedTea build infrastructure (20081019). - plugin fix (Make applet size factors doubles instead of ints). * Don't fail the build when the jtreg summary is missing. * openjdk-6-source-files: Fix priority and section of the binary package. * Fix section of the plugin package. -- Matthias Klose Sun, 19 Oct 2008 09:29:03 +0200 openjdk-6 (6b12-0ubuntu3) intrepid; urgency=low * Update IcedTea build infrastructure (20081018). - Fix LiveConnect issues in the web plugin. LP: #282762. - Fail the build, if patches don't apply. * Show xvfb and xauth failures in the build log, when running the testsuites. * Kill processes which still hang after running the testsuite. Closes: #493339. * Run the testsuite in parallel, reducing build time. * openjdk-headless: Depend instead of recommending tzdata-java. -- Matthias Klose Sat, 18 Oct 2008 17:15:14 +0200 openjdk-6 (6b12-0ubuntu2) intrepid; urgency=low * icedtea6-plugin: Versioned conflict with icedtea-gcjwebplugin. LP: #184299. * Don't configure --with-alt-jar=/usr/bin/fastjar on hotspot archs and cacao builds. Working around a problem generating rt.jar. Manually add the netscape/javascript files in zero builds. * Update IcedTea build infrastructure (20081017). - configury updates. - IcedTeaPlugin update. * openjdk-6-jdk: Suggest visualvm. * Remove cacao patches found in cacao 0.99.4~20081012. -- Matthias Klose Fri, 17 Oct 2008 13:25:45 +0200 openjdk-6 (6b12-0ubuntu1) intrepid; urgency=low * Update IcedTea to the 1.3.0 release. * Apply upstream patch to fix upstream issue 6758986. -- Matthias Klose Wed, 15 Oct 2008 19:49:05 +0000 openjdk-6 (6b12~pre2-1) experimental; urgency=low * Upload to experimental. -- Matthias Klose Sun, 12 Oct 2008 11:16:03 +0000 openjdk-6 (6b12~pre2-0ubuntu3) intrepid; urgency=low * Update IcedTea build infrastructure (20081015). * Add netscape/javascript class files to rt.jar. LP: #282762. * Be more verbose in the icedtea6-plugin package description. * Fix some lintian warnings. -- Matthias Klose Wed, 15 Oct 2008 12:45:59 +0200 openjdk-6 (6b12~pre2-0ubuntu2) intrepid; urgency=low * Update IcedTea build infrastructure (20081012). * When building as cacao, build a cacao-oj6-plugin package. * When building as cacao, run the testsuite on amd64, i386, sparc. * Add finnish translations to the desktop files (Timo Jyrinki). Closes: #494354. * Fix font paths (Rob Gom). Closes: #495988. * Reenable running the testsuite. * Fix pulse-java build failure on amd64. -- Matthias Klose Sun, 12 Oct 2008 13:05:49 +0200 openjdk-6 (6b12~pre2-0ubuntu1) intrepid; urgency=low * Update IcedTea build infrastructure (20081011). * debian/copyright: Add copyright notice for pulseaudio sound files. * Add support to build with pulseaudio support. -- Matthias Klose Sat, 11 Oct 2008 15:44:50 +0200 openjdk-6 (6b12~pre1-0ubuntu5) intrepid; urgency=low * Move the plugin from the -jre package into the -plugin package. -- Matthias Klose Fri, 10 Oct 2008 06:55:34 +0000 openjdk-6 (6b12~pre1-0ubuntu4) intrepid; urgency=low * Update IcedTea build infrastructure (20081009). * Configure with --enable-liveconnect, build an icedtea6-plugin package. Thanks to Deepak Bhole. LP: #207064, #195783, #199680, #202762, #220241, #242263, #242496, #242496, #250292, #269885, #274356, #274360, #259313. * Build an icedtea6-plugin package. * Merge changes from 6b11-9 packaging. * Build a openjdk-6-source-files packages (used as a build dependency of cacao-oj6). * Build depend on cacao-source for cacao-oj6 builds. -- Matthias Klose Thu, 09 Oct 2008 15:04:27 +0200 openjdk-6 (6b12~pre1-0ubuntu3) intrepid; urgency=low * Update IcedTea build infrastructure (20080915). * Reapply: openjdk-6-jre-headless: Make libnss-mdns a suggestion instead of a recommendation. LP: #261847. * Build-depend against fixed fastjar. LP: #267177. -- Matthias Klose Mon, 15 Sep 2008 20:16:51 +0200 openjdk-6 (6b12~pre1-0ubuntu2) intrepid; urgency=low * Update the icedtea-hotspot patch to b12, fixing build failures on zero archs (ia64, powerpc). -- Matthias Klose Sat, 13 Sep 2008 11:48:44 +0200 openjdk-6 (6b12~pre1-0ubuntu1) intrepid; urgency=low * New code drop (b12). * Update IcedTea build infrastructure (20080912). -- Matthias Klose Sat, 13 Sep 2008 00:41:42 +0200 openjdk-6 (6b11-6) unstable; urgency=low * Set minimum heap size independent of available memory for cacao builds. * Link the wrapper tools with -rdynamic for cacao builds. * Update cacao based builds: - Update cacao to 0.99.3, remove patches applied upstream. - Fix build failures on mipsel-linux. * Allow setting of the bootstrap compiler per architecture. * Configure --with-alt-jar set to fastjar to speed up builds. * Update IcedTea build infrastructure (20080815), remove local patches integrated in IcedTea. - Make use of unsigned/signed types explicit. - Fix PR icedtea/184, adding support for returning floats and doubles for zero builds. - Fix Fix PR icedtea/181, class type checks. -- Matthias Klose Fri, 15 Aug 2008 16:59:48 +0000 openjdk-6 (6b11-5) unstable; urgency=low * debian/rules (stamps/mauve-build): Configure with --host and --build. * openjdk-6-jdk: Recommend libxt-dev (jawt_md.h header includes). * Fix build issues on s390 (size_t is unsigned long). -- Matthias Klose Sun, 03 Aug 2008 20:05:44 +0200 openjdk-6 (6b11-4) unstable; urgency=low * Update IcedTea build infrastructure (20080801). - Fix typo, causing build failure on mipsel. -- Matthias Klose Fri, 01 Aug 2008 01:25:51 +0200 openjdk-6 (6b11-3) unstable; urgency=low * Include the name of the VM used in the package description. * Update IcedTea build infrastructure (20080731). * Build for alpha, arm, mips and mipsel. * Switch from libcupsys2(-dev) to libcups2(-dev) for newer releases. (Closes: #492384) * Add symlinks for header files found in JAVA_HOME/include/linux in JAVA_HOME/include. * openjdk-6-jre: Don' recommend lesstif2 anymore. -- Matthias Klose Thu, 31 Jul 2008 17:16:59 +0200 openjdk-6 (6b11-2ubuntu1) intrepid; urgency=low * xvfb seems to be broken when running with intrepid and an intrepid kernel. Nevertheless, run xvfb-run -s "-extension GLX" on the buildds (hardy kernels). * Stop the buildwatch process after the testsuite finishes. -- Matthias Klose Fri, 25 Jul 2008 12:33:44 +0200 openjdk-6 (6b11-2) unstable; urgency=low * Update IcedTea build infrastructure (20080724). * debian/buildwatch.sh: Track long building files with no visible output. * Fix build failure when not running the mauve testsuite. * Disable running the testsuite for cacao builds (leaving processes around). * Don't set a soversion for the cacao libjvm. * Configure with --host and --build. * Call xvfb-run with -s "-extension GLX". -- Matthias Klose Thu, 24 Jul 2008 22:25:30 +0200 openjdk-6 (6b11-1ubuntu2) intrepid; urgency=low * Update IcedTea build infrastructure (20080724). * debian/buildwatch.sh: Track long building files with no visible output. * Fix build failure when not running the mauve testsuite. * Disable running the testsuite for cacao builds (leaving processes around). * Don't set a soversion for the cacao libjvm. * Configure with --host and --build. -- Matthias Klose Thu, 24 Jul 2008 17:58:53 +0200 openjdk-6 (6b11-1ubuntu1) intrepid; urgency=low * Regenerate the control file. -- Matthias Klose Wed, 23 Jul 2008 00:42:16 +0200 openjdk-6 (6b11-1) unstable; urgency=low * New code drop (b11). * Update IcedTea build infrastructure (20080721). * debian/generate-dfsg.sh: Update for b11. * debian/patches/const_strings.patch, debian/patches/issue-6659207.diff: Remove, applied upstream. * debian/generate-debian-orig.sh: Fix /proc check. * debian/control.in: Loosen dependency of -jre-lib on -jre. * Support `nodocs' in DEB_BUILD_OPTIONS. * Remove build-dependency on lesstif2-dev. * Bootstrap using gcj on all archs; the 6b10dfsg-2 packages are broken. * Run the jtreg harness in a virtual X environment. * Install javazic.jar in the jre-lib package. * Don't run the testsuite on arm; the build already takes days; only run the testsuite on hotspot archs and powerpc. -- Matthias Klose Wed, 23 Jul 2008 00:28:12 +0200 openjdk-6 (6b10dfsg-2) unstable; urgency=low * Update IcedTea build infrastructure (20080714). * On arm configure cacao builds with --enable-softfloat. * Don't run the mauve testsuite for cacao builds (hangs the test runner process). * Don't configure cacao builds with --enable/-disable-zero. * Don't remove alternatives on upgrade. * debian/copyright: Add license for NanoXML. * Do recommends ttf-indic-fonts instead of ttf-indic-fonts-core for lenny and sid. Closes: #490619. * Ignore errors when registering the jar binfmt. The alternative may already be registered by another JVM. Closes: #490594. * openjdk-6-jre-headless: Depend on ttf-dejavu-core instead of ttf-dejavu. * On amd64, i386 and sparc, bootstrap using openjdk. -- Matthias Klose Mon, 14 Jul 2008 19:41:19 +0200 openjdk-6 (6b10dfsg-1ubuntu2) intrepid; urgency=low * Update IcedTea build infrastructure (20080702). - Do not configure --with-shark by default. - Update license headers from jdk7. * Start debian/buildwatch.sh for armel and sparc builds as well. * Allow configuration with --with-cacao. -- Matthias Klose Mon, 30 Jun 2008 13:30:06 +0200 openjdk-6 (6b10dfsg-1ubuntu1) intrepid; urgency=low * The rebuilt upstream tarball now has GPL-compatible free software licenses and documented copyrights and licenses. LP: #238569. * Fixed name of the xulrunner-1.9-javaplugin.so in the .jinfo file. LP: #226911. * Ignore errors during activation of class data sharing. Closes: #490617, #490672. -- Matthias Klose Mon, 30 Jun 2008 13:30:06 +0200 openjdk-6 (6b10dfsg-1) unstable; urgency=low * Rebuild the upstream tar ball: - Remove the jscheme jar files. - Apply the patch from Iris Clark (Sun) for the copyright headers (http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=141#c4). - Remove jdk/src/share/classes/java/lang/instrument/package.html. - Upload to main. * Update IcedTea build infrastructure (20080628). * Build an openjdk-6-dbg package. * patches/gcc-mtune-generic.diff: Fix typo. * openjdk-6-jre: Depend on ttf-dejavu. * debian/copyright: Add two more copyright holders, not directly mentioned in the third party readme. Replace Apache 2.0 license with pointer to common-licenses. * Fix more lintian warnings. * debian/sun_java_app.xpm: Downsize icon to 32x32 pixels. * Build-depend/depend on rhino. -- Matthias Klose Sun, 29 Jun 2008 17:42:51 +0200 openjdk-6 (6b10-1) unstable; urgency=low * New code drop (b10). - Still some non-compliant license headers found in openjdk/corba/src/share/classes/com/sun/tools/corba/se/idl. - Upload to non-free. * Update IcedTea build infrastructure (20080603). * In fontconfig.properties, fix Korean font names and add paths to the Luxi fonts for Motif. Add fonts for Indic languages. * Install compilefontconfig.jar in openjdk-6-jre-lib package. * Run the testsuites of hotspot, langtools and jdk. * Include the jscheme-5.0 sources in the tarball, mention the jscheme licenses in debian/copyright. * Use the certificates provided by the ca-certificates-java package. * More fontconfig updates (Arne Goetje). * Fix some lintian warnings. * Correct build-dependency for openjdk based bootstraps. -- Matthias Klose Wed, 04 Jun 2008 01:46:52 +0200 openjdk-6 (6b09-1~pre1) unstable; urgency=low [ Matthias Klose ] * New code drop (b09). * Update IcedTea build infrastructure (20080528). - Add missing color profiles. LP: #225174. - Moved system properties defined in hotspot to TrustManagerFactoryImpl. LP: #224455. * 6636469_v4.diff: Remove, committed in IcedTea. * debian/control: Update Vcs-* attributes. * debian/JB-jre-headless.p*.in: Fix update-binfmts calls. * Compress the man pages, fixing the slave symlinks of the alternatives. * javaws.desktop: Add `%u' to the Exec key, remove -viewer option. * openjdk-6-jre-headless: Recommends libnss-mdns. * openjdk-6-jre-headless: Warn about unmounted /proc file system. * debian/JB-jre.mime.in: Remove the -viewer option from command (Tan Rui Boon). * Add a `docs' symlink pointing to /usr/share/doc/openjdk-6. LP: #218405. * Set maintainer to the team list. * Add copyright notices for patches and generated files. * Add helper scripts to modify upstream tarball and generate the debian tarball. * Fix names for browser alternatives in jinfo file, set browser_plugin_dirs unconditionally. * Recommend the ttf-wqy-zenhei font instead of ttf-arphic-uming, if the latter is available in Truetype Collection (TTC) format only, add the fontconfig changes as a patch. * Make the cjk font packages configurable in the control file. * Use GCC-4.3 on all platforms where available. * Install a config file swing.properties, allowing a user to change the default look and feel. LP: #229112. * When trying to determine the executable name reading /proc/self/exe, discard known prefixes used for unionfs mounts. LP: #224110. * Explicitely configure with --disable-zero on hotspot architectures. * Add fix for issue 6659207, access violation in CompilerThread0. Addresses #478560. Needs checking: LP: #229207. * Disable building the docs on ia64, powerpc and sparc, we don't build architecture independent packages on these architectures. * Explicitely configure --with-parallel-jobs, needed by the updated IcedTea. * Backport the linux-sparc patches, enable building on sparc. LP: #154080. * Don't use an absolute path calling the compiler. * Replace the OpenJDK version in desktop and menu files. * Install menu files. * Install openjdk-6-java.desktop in -jre, instead of -jre-headless. -- Matthias Klose Wed, 14 May 2008 08:49:54 +0200 openjdk-6 (6b08-1) unstable; urgency=low [ Torsten Werner ] * first upload to Debian (Closes: #452750) * Regenerate debian/control. * Switch to bzip2 package compression in Debian but leave lzma compression in Ubuntu. * Temporarily downgrade Depends: tzdata-java to Recommends until the package becomes available in Debian. * Add myself to Uploaders. * Do not install extras license file in openjdk-6-jre-lib. * Add patch shebang.diff to fix a lintian warning. * Install openjdk-6-java.desktop into the correct binary package. * Improve some package descriptions. * Remove some empty directories from binary packages. * Install README.Debian in every binary package and give it some useful content. * Install java-rmi.cgi in package openjdk-6-jre-headless and mention it in README.Debian. * Install /usr/bin/jexec via update-alternatives. * Downgrade Depends: java-common (>= 0.28). * Add patch jexec.diff to make the jexec binary executable without specifying an absolute path. * Add Build-Depends: xauth and xfonts-base for mauve. * Update and install the lintian override files. * Replace all occurences of binary:Version and source:Version by Source-Version to be compatible with Ubuntu release 6.06. * Remove Conflicts: gcjwebplugin. [ Michael Koch ] * Fixed Vcs-Bzr and Vcs-Browser fields. * Removed Encoding entry from all debian/*.desktop.in files. [ Matthias Klose ] * Make Java Full Screen Exclusive Mode work again with Xorg Server 1.3 and above (Dan Munckton). LP: #154613 (Java bug 6636469). * Configure with --enable-zero on all archs except amd64, i386, lpia. * Update IcedTea build infrastructure. * Handle binary files in updates of the build infrastructure. * Enable bootstrap/normal builds per architecture. * javaws-wrapper.sh: Use readlink --canonicalize. LP: #211515. * binfmt-support: Handle /usr/share/binfmts/jar as a slave symlink of the jexec alternative, install the binfmt file in the jre libdir. Use the jexec alternative in the binfmt file. * JB-jre-headless.postinst.in: Remove sun-java6 specific chunks. * Differentiate between the openjdk version required as dependency and as build dependency. -- Torsten Werner Wed, 09 Apr 2008 10:12:55 +0200 openjdk-6 (6b08-0ubuntu1) hardy; urgency=low * New code drop (b08). * Update IcedTea build infrastructure. * Move binfmt-support references from -jre to -jre-headless package. * Don't fail on purge, if /var/lib/binfmts/openjdk-6 is missing. LP: #206721. * Only use the basename for icons in desktop files. LP: #207413. * Install javaws(1). LP: #191297. * Install a wrapper script for javaws, which calls `javaws -viewer' if no arguments are given (or else starting javaws from the desktop menu would not do anything). * debian/JB-web-start.applications.in: Remove the -viewer option from command. -- Matthias Klose Fri, 28 Mar 2008 16:10:32 +0000 openjdk-6 (6b07-0ubuntu1) hardy; urgency=low * New code drop (b07). * Update IcedTea build infrastructure. * debian/copyright: Update to OpenJDK Trademark Notice v1.1. -- Matthias Klose Sat, 22 Mar 2008 22:41:42 +0100 openjdk-6 (6b06-0ubuntu12) hardy; urgency=low * Update icon locations in menu files. * openjdk-6-jre-headless: Provide java-virtual-machine. LP: #189953. * openjdk-6-jre-headless: Add a conflict to gcjwebplugin; for openjdk use the icetea-gcjwebplugin, for gij the java-gcj-compat-plugin. -- Matthias Klose Sat, 22 Mar 2008 20:12:41 +0100 openjdk-6 (6b06-0ubuntu11) hardy; urgency=low * Update IcedTea to 20080319. * Move rt.jar into the openjdk-6-jre-headless package; sun/awt/X11 class files differ between amd64 and i386. * Install all desktop files in /usr/share/applications. -- Matthias Klose Wed, 19 Mar 2008 23:53:36 +0100 openjdk-6 (6b06-0ubuntu10) hardy; urgency=low * Remove print-lsb-release.patch, forwarded to IcedTea. * Fix IcedTea configure to detect libffi without pkg-config. -- Matthias Klose Wed, 12 Mar 2008 20:28:55 +0100 openjdk-6 (6b06-0ubuntu9) hardy; urgency=low * Build-depend on libffi4-dev on architectures other than amd64, i386, lpia. * Install icons in /usr/share/pixmaps, not /usr/share/icons. * debian/rules: Call dh_icons. -- Matthias Klose Wed, 12 Mar 2008 11:34:44 +0100 openjdk-6 (6b06-0ubuntu8) hardy; urgency=low * Tighten dependency on java-common. * debian/copyright: Include trademark notice. * debian/control: Mention IcedTea in the package descriptions. * Update IcedTea to 20080311. -- Matthias Klose Tue, 11 Mar 2008 21:39:27 +0100 openjdk-6 (6b06-0ubuntu7) hardy; urgency=low * Build-depend on unzip. -- Matthias Klose Fri, 07 Mar 2008 16:47:43 +0100 openjdk-6 (6b06-0ubuntu6) hardy; urgency=low * Build-depend on zip. -- Matthias Klose Fri, 07 Mar 2008 16:16:52 +0100 openjdk-6 (6b06-0ubuntu5) hardy; urgency=low * debian/mauve_tests: javax.swing.text.html.HTML.ElementTagAttributeTest, removed, tries to access the network. * debian/README.alternatives.in: Update for --jre-headless. * debian/rules: Fix paths for OpenJDK based bootstrap. * Compress packages using lzma. * Drop build dependency on zip, unzip. * Fix build infrastructure to bootstrap with OpenJDK instead of ecj. * Do not build the gcjwebplugin from the OpenJDK source. -- Matthias Klose Fri, 07 Mar 2008 13:53:15 +0100 openjdk-6 (6b06-0ubuntu4) hardy; urgency=low * Don't register a java-rmi.cgi alternative in /usr/bin. -- Matthias Klose Thu, 06 Mar 2008 17:59:35 +0100 openjdk-6 (6b06-0ubuntu3) hardy; urgency=low * Split out a openjdk-6-jre-headless package, depend on java-common, supporting update-java-alternatives --jre-headless. * Make openjdk-6-jre-headless and openjdk-6-jre architecture any. * New package openjdk-6-jre-lib (arch all). * Remove openjdk-6-bin package. * debian/patches/openjdk-ubuntu-branding.patch: New patch. * Install images/cursors/cursors.properties as a config file. * Do not compress demos and examples in the -demo package. * openjdk-6-jre: Add dependency on libxinerama1. * Update IcedTea to 20080305. * Don't generate cacerts ourself, but depend on ca-certificates, fix location of javax.net.ssl.trustStore property. * Build-depend on mauve and xvfb; run some mauve tests (the list of tests taken from the Fedora package). * Keep a backup of the `generated' directory; some files are regenerated differently, increasing the size of the diff. -- Matthias Klose Thu, 06 Mar 2008 10:05:39 +0100 openjdk-6 (6b06-0ubuntu2) hardy; urgency=low * Re-add gawk and pkg-config as build dependencies. -- Matthias Klose Tue, 04 Mar 2008 12:20:21 +0100 openjdk-6 (6b06-0ubuntu1) hardy; urgency=low * New code drop (b06). * Remove java-access-bridge tarball, use an externally built package. * Update IcedTea to 20080304. * Don't use any compiler flags from the environment. -- Matthias Klose Tue, 04 Mar 2008 09:16:59 +0100 openjdk-6 (6b05-0ubuntu1) hardy; urgency=low * First public OpenJDK upstream code drop (b05). * Depend on tzdata-java. -- Matthias Klose Fri, 29 Feb 2008 19:05:42 +0100 icedtea-java7 (7~b24-1.5+20080118-2) UNRELEASED; urgency=low * Fix removal of alternatives. -- Matthias Klose Sat, 26 Jan 2008 18:41:40 +0100 icedtea-java7 (7~b24-1.5+20080118-1) hardy; urgency=low * Fix installation of the plugin for firefox-3.0. -- Matthias Klose Sat, 19 Jan 2008 15:10:18 +0100 icedtea-java7 (7~b24-1.5+20080118-1~ppa1) hardy; urgency=low * Update IcedTea to 20080118. * Fix another build failure when gcc version != gcj version. * Use the versioned compiler to build the corba parts. * Register plugin for firefox-3.0. * Build using GCC-4.3. -- Matthias Klose Fri, 18 Jan 2008 21:15:08 +0100 icedtea-java7 (7~b24-1.5-2) UNRELEASED; urgency=low * First upload to Debian. Closes: #452750. * debian/control.in: - Moved package from universe/devel section to devel. - Put icedtea-java7-doc into doc section. - Added Homepage field and removed Homepage pseudo field from descriptions. - Updated Standards-Version to 3.7.3. * debian/rules: - Check if Makefile exists before called clean in clean target. * debian/copyright: Converted to UTF-8. -- Michael Koch Sat, 05 Jan 2008 13:34:46 -0100 icedtea-java7 (7~b24-1.5-1) hardy; urgency=low * Update to IcedTea-1.5. * debian/patches/ssp-interpreter.diff: Use bash to call the ssp script, backslash handling differs betweend dash and bash. -- Matthias Klose Fri, 04 Jan 2008 09:58:27 +0100 icedtea-java7 (7~b24-1.5~20071214-1) hardy; urgency=low * New upstream snapshot (b24). * Update java-access-bridge to 1.21.1. * On powerpc keep the build alive using buildwatch script. * Do not install menu entries for javaws, ControlPanel. LP: #155553, #156673. * README.alternatives: Fix example. LP: #157063. -- Matthias Klose Fri, 14 Dec 2007 11:09:22 +0100 icedtea-java7 (7~b23-1.5~20071124-4) hardy; urgency=low * Allow libungif4-dev as alternative build dependency. * On powerpc keep the build alive using buildwatch script. * Always build the plugin using libxul-dev. -- Matthias Klose Mon, 10 Dec 2007 15:20:16 +0100 icedtea-java7 (7~b23-1.5~20071124-3) hardy; urgency=low * Lower optimization to -O2 for building the jdk on amd64. * Reenable parallel build. * Link using -Bsymbolic-functions. * debian/patches/arguments.patch, debian/patches/const_strings.patch: New patches (Arnaud Vandyck). -- Matthias Klose Thu, 29 Nov 2007 18:50:41 +0100 icedtea-java7 (7~b23-1.5~20071124-2) hardy; urgency=low * Bootstrap using ecj/gcj. * Build using g++-4.1 on i386, lpia, powerpc. -- Matthias Klose Wed, 28 Nov 2007 14:46:48 +0000 icedtea-java7 (7~b23-1.5~20071124-1) hardy; urgency=low * New upstream snapshot (b23). -- Matthias Klose Tue, 27 Nov 2007 15:48:08 +0100 icedtea-java7 (7~b22-1.5~20071018-0ubuntu3) hardy; urgency=low * Revert the previous change, require 7~b22 versions again. -- Matthias Klose Sat, 20 Oct 2007 14:33:26 +0000 icedtea-java7 (7~b22-1.5~20071018-0ubuntu2) hardy; urgency=low * Loosen dependencies to 7~b21, until package is built on all archs. -- Matthias Klose Sat, 20 Oct 2007 07:48:36 +0000 icedtea-java7 (7~b22-1.5~20071018-0ubuntu1) hardy; urgency=low * New upstream snapshot (b22). * Don't use parallel builds to make the build log better comparable. -- Matthias Klose Fri, 19 Oct 2007 19:49:51 +0200 icedtea-java7 (7~b21-1.4+20071007-0ubuntu5) gutsy; urgency=low * Update icedtea to vcs 20071012 (1.4 release), checked that the plugin works on amd64. * debian/copyright: Update "License Headers" section. -- Matthias Klose Sun, 14 Oct 2007 19:55:12 +0200 icedtea-java7 (7~b21-1.4+20071007-0ubuntu4) gutsy; urgency=low * Bootstrapping trigger upload for final step of bootstrapping i386, amd64, lpia. -- LaMont Jones Wed, 10 Oct 2007 22:04:25 -0600 icedtea-java7 (7~b21-1.4+20071007-0ubuntu3) gutsy; urgency=low * Add build dependency on bzip2. -- Matthias Klose Wed, 10 Oct 2007 09:00:40 +0000 icedtea-java7 (7~b21-1.4+20071007-0ubuntu2) gutsy; urgency=low * Add build dependency on ant. -- Matthias Klose Wed, 10 Oct 2007 06:33:14 +0000 icedtea-java7 (7~b21-1.4+20071007-0ubuntu1) gutsy; urgency=low * Update icedtea to vcs 20071007. * Update java-access-bridge to 1.20.0. * Add build-dependency on libxinerama-dev. * Add Xb-Npp-xxx tags for the -plugin package. * Name the plugin "GCJ Web Browser Plugin (using IcedTea)", GCJ now "Great Cool Java" (according to Michael Koch). * Compress binary-indep packages using bzip2. -- Matthias Klose Sun, 7 Oct 2007 23:43:28 +0200 icedtea-java7 (7~b21-1.4+20071002-0ubuntu2) gutsy; urgency=low * Rebuild using icedtea 7~b21. -- Matthias Klose Tue, 02 Oct 2007 19:45:21 +0200 icedtea-java7 (7~b21-1.4+20071002-0ubuntu1) gutsy; urgency=low * New upstream snapshot (b21). * Correctly unregister the executable binary format in the -bin package. * Assemble the debian/copyright file. -- Matthias Klose Tue, 2 Oct 2007 09:59:37 +0200 icedtea-java7 (7~b19-1.3+20070905-0ubuntu1) gutsy; urgency=low * New upstream snapshot (b19). * Build using g++-4.2 on amd64, using g++-4.1 on i386 and lpia. * Build without -Werror, upstream source is not yet warning clean. * Support DEB_BUILD_OPTIONS=parallel=. * Add build dependency on wget. * Add font suggestions. * Changed font configuration to fix CJK font support (Arne Goetje). * Fix location of the plugin, when registering the plugin alternatives. -- Matthias Klose Thu, 6 Sep 2007 00:46:40 +0200 icedtea-java7 (7~b18-1.2+20070822-0ubuntu2) gutsy; urgency=low * Create browser plugin directories. * Build-depend on liblcms1-dev. * Recommend packages with dlopened libraries: liblcms1, lesstif2, libcupsys2, libgtk2.0-0, libgnome2-0, libgnomevfs2-0, libgconf2-4, libxrandr2, libgl1-mesa-glx. -- Matthias Klose Tue, 21 Aug 2007 17:21:00 +0200 icedtea-java7 (7~b18-1.2+20070822-0ubuntu1) gutsy; urgency=low * New upstream version. * Include java-access-bridge. * Build -doc, -plugin packages. * Register alternatives, priority 1060. -- Matthias Klose Tue, 21 Aug 2007 17:21:00 +0200 icedtea-java7 (7~b17-1.2+20070808-1) gutsy; urgency=low * Initial release, discard the initial packaging based on cdbs. * Base the packaging on the sun-javaX packages. -- Matthias Klose Wed, 08 Aug 2007 15:55:39 +0200 icedtea (7~b16-20070724-1) UNRELEASED; urgency=low * Update upstream tarball to 7~b16, update icedtea to 20070724. * debian/control: Build-depend on libfreetype6-dev. * debian/rules: Configure --with-jar=/usr/bin/fastjar. * Build using gcj-4.2. -- Matthias Klose Tue, 24 Jul 2007 11:24:55 +0200 icedtea (7~b14-20070704-1) unstable; urgency=low * Initial version. -- Michael Koch Wed, 04 Jul 2007 08:25:31 -0100