-
openjdk-7 (7u211-2.6.17-0ubuntu0.1) trusty-security; urgency=medium
* IcedTea release 2.6.17 (based on 7u211).
* Security fixes:
- S8206290, CVE-2019-2422: Better FileChannel transfer performance.
- S8209094, CVE_2019-2426: Improve web server connections.
- S8210866, CVE-2018-11212: Improve JPEG processing.
- S8199156: Better route routing.
- S8199161: Better interface enumeration.
- S8199166: Better interface lists.
- S8199552: Update to build scripts.
- S8200659: Improve BigDecimal support.
- S8203955: Improve robot support.
- S8204895: Better icon support.
- S8205356: Choose printer defaults.
- S8205709: Proper allocation handling.
- S8205714: Initial class initialization.
- S8206295: More reliable p11 transactions.
- S8206301: Improve NIO stability.
- S8208585: Make crypto code more robust.
- S8210094: Better loading of classloader classes.
- S8210606: Improved data set handling.
- S8210610: Improved LSA authentication.
- S8210870: Libsunmscapi improved interactions.
* debian/patches/hotspot-S8207151-fix-bad-klassoop.patch,
debian/patches/openjdk-jdk7u191-b01-jaxp.patch
debian/patches/openjdk-jdk7u191-b01-jdk.patch
debian/patches/openjdk-jdk7u201-b00-hotspot.patch
debian/patches/openjdk-jdk7u201-b00-jaxp.patch
debian/patches/openjdk-jdk7u201-b00-jdk.patch: removed, applied upstream.
* debian/patches/zero-sparc.diff: updated to fix merge failure in
file hotspot/src/share/vm/c1/c1_LIRAssembler.cpp.
-- Tiago Stürmer Daitx <email address hidden> Wed, 20 Mar 2019 05:22:37 +0000
-
openjdk-7 (7u181-2.6.14-0ubuntu0.3) trusty-security; urgency=medium
* Apply 7u201-b00 security patches.
* Security fixes:
- CVE-2018-3136, S8194534: Manifest better support.
- CVE-2018-3139, S8196902: Better HTTP redirection support.
- CVE-2018-3149, S8199177: Enhance JNDI lookups.
- CVE-2018-3169, S8199226: Improve field accesses.
- CVE-2018-3180, S8202613: Improve TLS connections stability.
* debian/patches/jdk-freetypeScaler-crash.diff: removed, it caused
a memory leak and has been fixed upstream already, albeit in a
different way. Closes: #910672.
* debian/patches/jdk-8132985-backport-double-free.patch,
debian/patches/jdk-8139803-backport-warning.patch: fix crash in
freetypescaler due to double free, thanks to Heikki Aitakangas for
the report and patches. (Closes: #911847)
* debian/rules: run only the hotspot testsuite for jamvm and zero
alternative vms to make build faster.
-- Tiago Stürmer Daitx <email address hidden> Thu, 11 Oct 2018 01:47:12 +0000
-
openjdk-7 (7u181-2.6.14-0ubuntu0.2) trusty-security; urgency=medium
* Apply 8u181 security backports.
* Security fixes:
- CVE-2018-2938, S8197871: Support Derby connections.
- CVE-2018-2952, S8199547: Exception to Pattern Syntax.
- S8191239: Improve desktop file usage.
- S8193419: Better Internet address support.
- S8197925: Better stack walking.
- S8200666: Improve LDAP support.
* debian/patches/hotspot-S8207151-fix-bad-klassoop.patch: fix bug introduced
by the backport of S8189123. LP: #1778930.
-- Tiago Stürmer Daitx <email address hidden> Mon, 23 Jul 2018 20:03:03 +0000
-
openjdk-7 (7u181-2.6.14-0ubuntu0.1) trusty-security; urgency=medium
* IcedTea release 2.6.14 (based on 7u181). Closes: #898976.
* Security fixes:
- S8162488: JDK should be updated to use LittleCMS 2.8
- S8180881: Better packaging of deserialization
- S8182362: Update CipherOutputStream Usage
- S8183032: Upgrade to LittleCMS 2.9
- S8189123: More consistent classloading
- S8189969, CVE-2018-2790: Manifest better manifest entries
- S8189977, CVE-2018-2795: Improve permission portability
- S8189981, CVE-2018-2796: Improve queuing portability
- S8189985, CVE-2018-2797: Improve tabular data portability
- S8189989, CVE-2018-2798: Improve container portability
- S8189993, CVE-2018-2799: Improve document portability
- S8189997, CVE-2018-2794: Enhance keystore mechanisms
- S8190478: Improved interface method selection
- S8190877: Better handling of abstract classes
- S8191696: Better mouse positioning
- S8192025, CVE-2018-2814: Less referential references
- S8192030: Better MTSchema support
- S8192757, CVE-2018-2815: Improve stub classes implementation
- S8193409: Improve AES supporting classes
- S8193414: Improvements in MethodType lookups
- S8193833, CVE-2018-2800: Better RMI connection support
* debian/patches/hotspot-disable-exec-shield-workaround.patch: removed,
upstream fixed i386 stack guard support in S8197429 (hotspot's mercurial
commit 6636:d673ec579604).
* debian/patches/hotspot-powerpcspe.diff: removed, support added upstream by
S8186461 in hotspot's mercurial commit 6638:7517e77dd338.
* debian/patches/it-patch-updates.diff: remove unnecessary hunks.
* debian/rules: remove hotspot-powerpcspe.diff and
hotspot-disable-exec-shield-workaround.patch from applied patches.
-- Tiago Stürmer Daitx <email address hidden> Mon, 04 Jun 2018 23:11:45 +0000
-
openjdk-7 (7u171-2.6.13-0ubuntu0.14.04.2) trusty-security; urgency=medium
* IcedTea release 2.6.13 (based on 7u171). (Closes: #891330).
* Security fixes:
- S8160104: CORBA communication improvements
- S8172525, CVE-2018-2579: Improve key keying case
- S8174756: Extra validation for public keys
- S8175932: Improve host instance supports
- S8176458: Revise default document styling
- S8178449, CVE-2018-2588: Improve LDAP logins
- S8178458: Better use of certificates in LDAP
- S8178466: Better RSA parameters
- S8179536: Cleaner print job handling
- S8179990: Cleaner palette entry handling
- S8180011: Cleaner native graphics device handling
- S8180015: Cleaner AWT robot handling
- S8180020: Improve SymbolHashMap entry handling
- S8180433: Cleaner CLR invocation handling
- S8180877: More deeply colored ICC spaces
- S8181664: Improve JVM UTF String handling
- S8181670: Improve implementation of keystores
- S8182125, CVE-2018-2599: Improve reliability of DNS lookups
- S8182387, CVE-2018-2603: Improve PKCS usage
- S8182601, CVE-2018-2602: Improve usage messages
- S8185292, CVE-2018-2618: Stricter key generation
- S8185325, CVE-2018-2641: Improve GTK initialization
- S8186080: Transform XML interfaces
- S8186212, CVE-2018-2629: Improve GSS handling
- S8186600, CVE-2018-2634: Improve property negotiations
- S8186606, CVE-2018-2633: Improve LDAP lookup robustness
- S8186867: Improve native glyph layouts
- S8186998, CVE-2018-2637: Improve JMX supportive features
- S8189284, CVE-2018-2663: More refactoring for deserialization cases
- S8190289, CVE-2018-2677: More refactoring for client deserialization cases
- S8191142, CVE-2018-2678: More refactoring for naming deserialization cases
* Remove multiarch-support pre-dependency. (Closes: #887858).
openjdk-7 (7u161-2.6.12-1) experimental; urgency=medium
* IcedTea release 2.6.12 (based on 7u161).
* Disable Hotspot workaround for Exec Shield (Debian only).
Addresses: #876051.
* Build-depend on g++-4.7 on wheezy. This is the default on some
architectures such as amd64 or i386, but not on armhf or armel,
which default to 4.6. There the build was working before because
the bootstrap build pulled gcj-jdk, which depends on gcj-4.7-jdk
and that in turn depends on g++-4.7. However since we have
disabled the bootstrap build now, g++-4.7 is no longer installed
on arm* builds, causing the build failure which couldn't be seen
on amd64 (Emilio Pozuelo Monfort).
-- Tiago Stürmer Daitx <email address hidden> Sat, 03 Mar 2018 01:32:58 +0000
-
openjdk-7 (7u151-2.6.11-2ubuntu0.14.04.1) trusty-security; urgency=medium
* Backport to 14.04.
* debian/patches/hotspot-aarch64-S8145438-fix-field-too-big-for-insn.patch:
the S8144028 fix was incomplete and followed up by S8145438; without it
aarch64 JVM can fail with "Internal Error, failed: Field too big for
insn".
-- Tiago Stürmer Daitx <email address hidden> Tue, 21 Nov 2017 02:10:21 +0000
-
openjdk-7 (7u151-2.6.11-0ubuntu1.14.04.1) trusty-security; urgency=medium
* IcedTea release 2.6.11 (based on 7u151). Closes: #869816.
* Security fixes:
- S8163958, CVE-2017-10102: Improved garbage collection.
- S8167228: Update to libpng 1.6.28.
- S8169209, CVE-2017-10053: Improved image post-processing steps.
- S8169392, CVE-2017-10067: Additional jar validation steps.
- S8170966, CVE-2017-10081: Right parenthesis issue.
- S8172204, CVE-2017-10087: Better Thread Pool execution.
- S8172461, CVE-2017-10089: Service Registration Lifecycle.
- S8172465, CVE-2017-10090: Better handling of channel groups.
- S8172469, CVE-2017-10096: Transform Transformer Exceptions.
- S8173286, CVE-2017-10101: Better reading of text catalogs.
- S8173697, CVE-2017-10107: Less Active Activations.
- S8173770, CVE-2017-10074: Image conversion improvements.
- S8174098, CVE-2017-10110: Better image fetching.
- S8174105, CVE-2017-10108: Better naming attribution.
- S8174113, CVE-2017-10109: Better sourcing of code.
- S8174770: Check registry registration location.
- S8174873: Improved certificate processing.
- S8175106, CVE-2017-10115: Higher quality DSA operations.
- S8175110, CVE-2017-10118: Higher quality ECDSA operations.
- S8176055: JMX diagnostic improvements.
- S8176067, CVE-2017-10116: Proper directory lookup processing.
- S8176760, CVE-2017-10135: Better handling of PKCS8 material.
- S8178135, CVE-2017-10176: Additional elliptic curve support.
- S8181420, CVE-2017-10074: PPC: Image conversion improvements.
- S8182054, CVE-2017-10243: Improve wsdl support.
- S8183551, CVE-2017-10074, PR3423: AArch64: Image conversion improvements.
- S8184119, CVE-2017-10111: Incorrect return processing for the LF editor
of MethodHandles.permuteArguments.
* d/control.in:
- remove @bd_compress@ dependency.
- replace @bd_autotools@ with fixed dependencies.
* d/control.tests: package to hold all tests artifacts and logs.
* d/repack: fixed and simplified download script.
* d/rules:
- include openjdk-7-tests package on Ubuntu derivatives only.
- only save the full jtreg results when the openjdk-7-tests package
is being built, otherwise stick to old behaviour (keep compressed
test summaries + failed test results). Closes: #863007, #865533.
- only run the long jdk testsuite when default vm is a hotspot.
- only run the full testsuite for zero alternative vm on very fast
systems, otherwise stick to the hotspot testsuite to avoid long
build times.
- try /etc/os-release before lsb-release; allow distrel to be set
from the command line.
- remove with_nss as all supported releases have it now.
- remove gcc/g++ configurations for EOL releases.
- keep libjpeg8 dependency on wheezy, replace it with libjpeg62-turbo
on other Debian releases and libjpeg-turbo8 on Ubuntu. Closes: #766601.
- remove old logic to depend on libcupsys2.
- always set rhino_source, all supported releases have dpkg > 1.16.2.
- remove bd_compress and pkg_compress as they haven't been used for
quite a while.
- remove with_wgy_zenhai logic, lenny is EOL.
- remove bd_autotools logic if/then, call dh_autoreconf and
dh_autoreconf_clean.
- simplify bootstrap dependency logic and remove EOL releases.
- remove EOL releases from gcc/g++ dependency logic.
- remove unused jamvm_defaults and simplify jamvm_archs logic.
- use ttf-indic-fonts for trusty, otherwise stick to fonts-indic.
- have build rule depend on debian/control in order to fail if it
is ever regenerated at build time.
- patch configure after dh_autoreconf call to include additional
/usr/lib/jvm directories; setting DEB_HOST_ARCH=alpha to check
if patches apply correctly fails because alpha requires a jdk for
bootstrap and IcedTea does not look into our usual directories.
* d/p/fontconfig-arphic-uming.diff: removed, not used since lenny.
* d/p/jdk-getAccessibleValue.diff: libatk-wrapper-java: File selection
dialog not refreshed when changing directory. Kindly provided by
Samuel Thibault. Closes: #827741.
* d/p/jdk-S8173783-fix-illegalargumentexception-regression.patch:
deleted, included in IcedTea 2.6.10.
* d/p/kfreebsd-support-jdk.diff: updated, was failing to apply due to
jdk changes in NetworkInterface.c.
* d/p/sec-webrev-8u131-*.patch: deleted, included in IcedTea 2.6.10.
* d/p/zero-sparc.diff: commented out chaitin.hpp hunk #1 as that #ifdef
has been removed by JDK-8011621 (backported by IcedTea 2.6.10); this
was also backported to 7u131 through JDK-8160961 but then backed out,
better keep the hunk in case IcedTea decides to back it out as well.
-- Tiago Stürmer Daitx <email address hidden> Thu, 18 May 2017 02:53:34 +0000
-
openjdk-7 (7u131-2.6.9-0ubuntu0.14.04.2) trusty-security; urgency=medium
* Fix JDK regression introduced by 7u131 upgrade: (LP: #1691126)
- d/p/jdk-S8173783-fix-illegalargumentexception-regression.patch:
fix "IllegalArgumentException: jdk.tls.namedGroups" backported
from http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/f5d0aadb4d1c
-- Tiago Stürmer Daitx <email address hidden> Wed, 17 May 2017 00:39:54 +0000
-
openjdk-7 (7u131-2.6.9-0ubuntu0.14.04.1) trusty-security; urgency=medium
* IcedTea release 2.6.9 (based on 7u131):
* Security fixes
- S8167110, CVE-2017-3514: Windows peering issue.
- S8163528, CVE-2017-3511: Better library loading.
- S8169011, CVE-2017-3526: Resizing XML parse trees.
- S8163520, CVE-2017-3509: Reuse cache entries.
- S8171533, CVE-2017-3544: Better email transfer.
- S8170222, CVE-2017-3533: Better transfers of files.
- S8171121, CVE-2017-3539: Enhancing jar checking.
- S8172299: Improve class processing.
* debian/compat: updated from 5 to 9.
* debian/watch: using watch version 4 to download both icedtea and
icedtea-sound. LP: #1642420.
* debian/repack: simplified tarball download.
* debian/rules:
- removed 8u121 patches as they have been applied to 7u131.
- building icedtea-sound on build/ directory
- replaced 'dh_strip -k' calls by dh_prep
- have the 'build' rule depend on 'debian/control' rule to force
failure if debian/control gets regenerated.
- added file 'security/blacklisted.cert' to be copied to etc dir
(introduced by S8011402).
- simplified build dependencies.
- removed jtreg's xvfb-run call since icedtea takes care of calling it.
- removed window manager as there are no additional significant failures
on the jdk tests when not running one.
- re-enabled jdk jtreg tests.
- removed lpia arch.
- use fonts-wqy-microhei and fonts-wqy-zenhei instead of transitional
package names.
- drop Recommends on obsolete GNOME libraries so they are not in a
default GNOME desktop installation (Simon McVittie). Closes: #850270.
+ sun.net.spi.DefaultProxySelector prefers libglib2.0-0 (>= 2.24)
over obsolete libgconf2-4.
+ sun.nio.fs.GnomeFileTypeDetector prefers libglib2.0-0 (>= 2.24)
over libgnomevfs-2-0.
+ sun.xawt.awt_Desktop prefers libgtk2.0-0 (>= 2.14) over
libgnomevfs2-0.
* debian/control.in: added static build dependencies as their previous
selection logic in debian/rules is no longer required.
* debian/control: regenerated.
* debian/patches/icedtea-sound.diff: removed, now packing icedtea-sound
1.0.1 which includes those fixes.
* debian/upstream/signing-key.asc: add new signing key.
-- Tiago Stürmer Daitx <email address hidden> Mon, 08 May 2017 23:02:52 +0000
-
openjdk-7 (7u121-2.6.8-1ubuntu0.14.04.3) trusty-security; urgency=medium
* Security fixes from 8u121:
- S8167104, CVE-2017-3289: Custom class constructor code can bypass the
required call to super.init allowing for uninitialized objects to be
created.
- S8164143, CVE-2017-3260: It is possible to corrupt memory by calling
dispose() on a CMenuComponentmultiple times.
- S8168714, CVE-2016-5546: ECDSA will accept signatures that have various
extraneous bytes added to them whereas the signature is supposed to be
unique.
- S8166988, CVE-2017-3253: The PNG specification allows the [iz}Txt
sections to be 2^32-1 bytes long so these should not be uncompressed
unless the user explicitly requests it.
- S8168728, CVE-2016-5548: DSA signing exhibits a timing bias that may
leak information about k.
- S8161743, CVE-2017-3252: LdapLoginModule incorrectly tries to
deserialize responses from an LDAP server when an LDAP context is
expected.
- S8167223, CVE-2016-5552: Parsing of URLs can be inconsistent with how
users or external applications would interpret them leading to possible
security issues.
- S8168705, CVE-2016-5547: A value from an InputStream is read directly
into the size argument of a new byte[] without validation.
- S8164147, CVE-2017-3261: An integer overflow exists in
SocketOutputStream which can lead to memorydisclosure.
- S8151934, CVE-2017-3231: Under some circumstances URLClassLoader will
dispatch HTTP GET requests where the invoker does not have permission.
- S8165071, CVE-2016-2183: 3DES can be exploited for block collisions when
long running sessions are allowed.
- S8165344, CVE-2017-3272: A protected field can be leveraged into type
confusion.
- S8156802, CVE-2017-3241: RMI deserialization should limit the types
deserialized to prevent attacks that could escape the sandbox.
-- Tiago Stürmer Daitx <email address hidden> Tue, 07 Feb 2017 17:55:31 +0000
-
openjdk-7 (7u121-2.6.8-1ubuntu0.14.04.1) trusty-security; urgency=medium
* Backport to Ubuntu 14.04.
* IcedTea release 2.6.8 (based on 7u121):
* Security fixes
- S8151921: Improved page resolution
- S8155968: Update command line options
- S8155973, CVE-2016-5542: Tighten jar checks
- S8157176: Improved classfile parsing
- S8157739, CVE-2016-5554: Classloader Consistency Checking
- S8157749: Improve handling of DNS error replies
- S8157753: Audio replay enhancement
- S8157759: LCMS Transform Sampling Enhancement
- S8157764: Better handling of interpolation plugins
- S8158302: Handle contextual glyph substitutions
- S8158993, CVE-2016-5568: Service Menu services
- S8159495: Fix index offsets
- S8159503: Amend Annotation Actions
- S8159511: Stack map validation
- S8159515: Improve indy validation
- S8159519, CVE-2016-5573: Reformat JDWP messages
- S8160090: Better signature handling in pack200
- S8160094: Improve pack200 layout
- S8160098: Clean up color profiles
- S8160591, CVE-2016-5582: Improve internal array handling
- S8160838, CVE-2016-5597: Better HTTP service
- PR3207, RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read()
-- Tiago Stürmer Daitx <email address hidden> Tue, 15 Nov 2016 22:26:23 +0000
-
openjdk-7 (7u111-2.6.7-0ubuntu0.14.04.3) trusty-security; urgency=medium
* debian/rules:
- fix typo (aarch64 -> arm64) and disable precompiled headers for
arm64
- remove compile file generated by automake during debian cleanup
openjdk-7 (7u111-2.6.7-0ubuntu0.14.04.2) trusty-security; urgency=medium
* debian/patches/it-jamvm-8158260-unsafe-methods.patch: fix JAMVM
after the introduction of two new Unsafe methods in the OpenJDK
hotspot. Closes: #833933. (LP: #1611598)
openjdk-7 (7u111-2.6.7-0ubuntu0.14.04.1) trusty-security; urgency=medium
[ Matthias Klose ]
* Fix handling of /usr/lib/jvm/*/jre/lib/zi if internal tzdata is used
(Andreas Beckmann). Closes: #821858.
* Add missing includes for aarch64 hotspot backport (building without pch).
* Use in-tree lcms for backports.
[ Tiago Stürmer Daitx ]
* IcedTea release 2.6.7 (based on 7u111):
* Security fixes
- S8079718, CVE-2016-3458: IIOP Input Stream Hooking
- S8145446, CVE-2016-3485: Perfect pipe placement (Windows only)
- S8147771: Construction of static protection domains under Javax
custom policy
- S8148872, CVE-2016-3500: Complete name checking
- S8149962, CVE-2016-3508: Better delineation of XML processing
- S8150752: Share Class Data
- S8151925: Font reference improvements
- S8152479, CVE-2016-3550: Coded byte streams
- S8155981, CVE-2016-3606: Bolster bytecode verification
- S8155985, CVE-2016-3598: Persistent Parameter Processing
- S8158571, CVE-2016-3610: Additional method handle validation
* debian/rules:
- Create symbolic link in source package (thanks Avinash).
Closes: #832720.
- Use in-tree lcms (LP: #913434)
* debian/JB-jre-headless.prerm.in: check for /var/lib/binfmts/jar
instead of /var/lib/binfmts/@basename@ before removing jar entry
from binfmts. Closes: #821146.
-- Tiago Stürmer Daitx <email address hidden> Thu, 11 Aug 2016 23:28:50 +0000
-
openjdk-7 (7u101-2.6.6-0ubuntu0.14.04.1) trusty-security; urgency=medium
* Backport to Ubuntu 14.04.
openjdk-7 (7u101-2.6.6-0ubuntu0.15.10.1) wily-security; urgency=medium
* IcedTea release 2.6.6 (based on 7u101):
* Security fixes
- S8129952, CVE-2016-0686: Ensure thread consistency
- S8132051, CVE-2016-0687: Better byte behavior
- S8138593, CVE-2016-0695: Make DSA more fair
- S8139008: Better state table management
- S8143167, CVE-2016-3425: Better buffering of XML strings
- S8144430, CVE-2016-3427: Improve JMX connections
- S8146494: Better ligature substitution
- S8146498: Better device table adjustments
* debian/patches/jdk-8152335-improve-methodhandle-consistency.patch:
removed, fix is upstream since 2.6.5
* Disable arm32-jit for armhf and armel, broken by hotspot security patches.
openjdk-7 (7u95-2.6.4-3) experimental; urgency=medium
[ Tiago Stürmer Daitx ]
* SECURITY UPDATE: Applies to client deployment of Java only. This
vulnerability can be exploited only through sandboxed Java Web Start
applications and sandboxed Java applets.
- d/p/jdk-8152335-improve-methodhandle-consistency.patch: S8152335,
CVE-2016-0636: Improve MethodHandle consistency
[ Matthias Klose ]
* Use internal tzdata for builds in stretch, unstable, experimental.
Closes: #818308.
openjdk-7 (7u95-2.6.4-2) experimental; urgency=medium
* Upload to experimental.
openjdk-7 (7u95-2.6.4-1) unstable; urgency=high
[ Tiago Stürmer Daitx ]
* IcedTea release 2.6.4 (based on 7u95):
* Security fixes
- S8059054, CVE-2016-0402: Better URL processing
- S8130710, CVE-2016-0448: Better attributes processing
- S8132210: Reinforce JMX collector internals
- S8132988: Better printing dialogues
- S8133962, CVE-2016-0466: More general limits
- S8137060: JMX memory management improvements
- S8139012: Better font substitutions
- S8139017, CVE-2016-0483: More stable image decoding
- S8140543, CVE-2016-0494: Arrange font actions
- S8143185: Cleanup for handling proxies
- S8143941, CVE-2015-8126, CVE-2015-8472: Update splashscreen displays
- S8144773, CVE-2015-7575: Further reduce use of MD5 (SLOTH)
* debian/patches/it-debian-build-flags.diff: refreshed
* debian/patches/it-set-compiler.diff: refreshed
* debian/patches/it-use-quilt.diff: refreshed
* debian/patches/it-jamvm-2.0.diff: refreshed
* debian/patches/icedtea-pretend-memory.diff: refreshed
* debian/patches/fix_extra_flags-default.diff: refreshed
* debian/patches/zero-sparc.diff: refreshed
[ Matthias Klose ]
* Remove obsolete IcedTea configure options.
* Fix build failure on squeeze (Thorsten Glaser). Closes: #809205.
* Don't run the test on mips, still having stone age buildd hardware and
empty promises to fix these issues since 2010.
-- Tiago Stürmer Daitx <email address hidden> Sat, 23 Apr 2016 15:13:09 +0000
-
openjdk-7 (7u95-2.6.4-0ubuntu0.14.04.2) trusty-security; urgency=high
* SECURITY UPDATE: Applies to client deployment of Java only. This
vulnerability can be exploited only through sandboxed Java Web Start
applications and sandboxed Java applets.
- d/p/jdk-8152335-improve-methodhandle-consistency.patch: S8152335,
CVE-2016-0636: Improve MethodHandle consistency
-- Tiago Stürmer Daitx <email address hidden> Wed, 23 Mar 2016 17:55:30 +0000
-
openjdk-7 (7u95-2.6.4-0ubuntu0.14.04.1) trusty-security; urgency=high
* Backport to Ubuntu 14.04.
openjdk-7 (7u95-2.6.4-0ubuntu0.15.10.1) wily-security; urgency=medium
* Icedtea release 2.6.4 (based on 7u95)
* Security fixes
- S8059054, CVE-2016-0402: Better URL processing
- S8130710, CVE-2016-0448: Better attributes processing
- S8132210: Reinforce JMX collector internals
- S8132988: Better printing dialogues
- S8133962, CVE-2016-0466: More general limits
- S8137060: JMX memory management improvements
- S8139012: Better font substitutions
- S8139017, CVE-2016-0483: More stable image decoding
- S8140543, CVE-2016-0494: Arrange font actions
- S8143185: Cleanup for handling proxies
- S8143941, CVE-2015-8126, CVE-2015-8472: Update splashscreen displays
- S8144773, CVE-2015-7575: Further reduce use of MD5 (SLOTH)
* debian/patches/it-debian-build-flags.diff: refreshed
* debian/patches/it-set-compiler.diff: refreshed
* debian/patches/it-use-quilt.diff: refreshed
* debian/patches/it-jamvm-2.0.diff: refreshed
* debian/patches/icedtea-pretend-memory.diff: refreshed
* debian/patches/fix_extra_flags-default.diff: refreshed
* debian/patches/zero-sparc.diff: refreshed
openjdk-7 (7u91-2.6.3-3) unstable; urgency=medium
* Fix stripping packages (use bash instead of expr substring).
* openjdk-jre-headless: Add dependency on the package containing the
mountpoint binary. Closes: #803717.
* openjdk-7-jdk: Fix typo in sdk provides. Closes: #803150.
* Build using giflib 5.
openjdk-7 (7u91-2.6.3-2) unstable; urgency=medium
* Enable sparc64 for hotspot (John Paul Adrian Glaubitz).
* Add debian/patches/sparc-libproc-fix.diff to include missing
headers on sparc64 (David Matthew Mattli). Closes: #805846.
openjdk-7 (7u91-2.6.3-1) unstable; urgency=medium
[ Tiago Stürmer Daitx ]
* Icedtea release 2.6.3 (based on 7u91):
* Security fixes
- S8142882, CVE-2015-4871: rebinding of the receiver of a DirectMethodHandle may
allow a protected method to be accessed
-- Tiago Stürmer Daitx <email address hidden> Thu, 21 Jan 2016 02:31:15 +0000
-
openjdk-7 (7u91-2.6.3-0ubuntu0.14.04.1) trusty-security; urgency=medium
* Backport to Ubuntu 14.04.
openjdk-7 (7u91-2.6.3-0ubuntu0.15.10.1) wily-security; urgency=medium
* Icedtea release 2.6.3 (based on 7u91):
* Security fixes
- S8142882, CVE-2015-4871: rebinding of the receiver of a
DirectMethodHandle may allow a protected method to be accessed
* Bad merge in IcedTea caused 2.6.1 to leak shmem chunks, affecting
other applications such as QT and VLC, thanks Andrew Hughes for the
fix in 2.6.2. (LP: #1512760)
openjdk-7 (7u91-2.6.2-1) unstable; urgency=medium
[ Tiago Stürmer Daitx ]
* IcedTea release 2.6.2 (based on 7u91):
* Security fixes
- S8048030, CVE-2015-4734: Expectations should be consistent
- S8068842, CVE-2015-4803: Better JAXP data handling
- S8076339, CVE-2015-4903: Better handling of remote object invocation
- S8076383, CVE-2015-4835: Better CORBA exception handling
- S8076387, CVE-2015-4882: Better CORBA value handling
- S8076392, CVE-2015-4881: Improve IIOPInputStream consistency
- S8076413, CVE-2015-4883: Better JRMP message handling
- S8078427, CVE-2015-4842: More supportive home environment
- S8078440: Safer managed types
- S8080541: More direct property handling
- S8080688, CVE-2015-4860: Service for DGC services
- S8081760: Better group dynamics
- S8086092, CVE-2015-4840: More palette improvements
- S8086733, CVE-2015-4893: Improve namespace handling
- S8087350: Improve array conversions
- S8103671, CVE-2015-4805: More objective stream classes
- S8103675: Better Binary searches
- S8130078, CVE-2015-4911: Document better processing
- S8130193, CVE-2015-4806: Improve HTTP connections
- S8130864: Better server identity handling
- S8130891, CVE-2015-4843: (bf) More direct buffering
- S8131291, CVE-2015-4872: Perfect parameter patterning
- S8132042, CVE-2015-4844: Preserve layout presentation
* d/patches/it-debian-build-flags.diff: refreshed
* d/patches/it-set-compiler.diff: refreshed
* d/patches/it-use-quilt.diff: refreshed and updated
* d/patches/it-jamvm-2.0.diff: refreshed
* d/patches/xrender: removed as it was applied upstream
openjdk-7 (7u85-2.6.1-6) unstable; urgency=medium
[ Tiago Stürmer Daitx ]
* Security fixes
- S8048030, CVE-2015-4734: Expectations should be consistent
- S8068842, CVE-2015-4803: Better JAXP data handling
- S8076339, CVE-2015-4903: Better handling of remote object invocation
- S8076383, CVE-2015-4835: Better CORBA exception handling
- S8076387, CVE-2015-4882: Better CORBA value handling
- S8076392, CVE-2015-4881: Improve IIOPInputStream consistency
- S8076413, CVE-2015-4883: Better JRMP message handling
- S8078427, CVE-2015-4842: More supportive home environment
- S8078440: Safer managed types
- S8080541: More direct property handling
- S8080688, CVE-2015-4860: Service for DGC services
- S8081744, CVE-2015-4868: Clear out list corner case
- S8081760: Better group dynamics
- S8086092. CVE-2015-4840: More palette improvements
- S8086733, CVE-2015-4893: Improve namespace handling
- S8087350: Improve array conversions
- S8103671, CVE-2015-4805: More objective stream classes
- S8103675: Better Binary searches
- S8129611: Accessbridge error handling improvement
- S8130078, CVE-2015-4911: Document better processing
- S8130185: More accessible access switch
- S8130193, CVE-2015-4806: Improve HTTP connections
- S8130864: Better server identity handling
- S8130891, CVE-2015-4843: (bf) More direct buffering
- S8131291, CVE-2015-4872: Perfect parameter patterning
- S8132042, CVE-2015-4844: Preserve layout presentation
* S6966259: Make PrincipalName and Realm immutable, required for S8048030
* S8078822: 8068842 fix missed one new file
PrimeNumberSequenceGenerator.java
[ Matthias Klose ]
* Re-enable the atk bridge for releases with a fixed atk bridge.
Again closes: #797595.
-- Tiago Stürmer Daitx <email address hidden> Thu, 19 Nov 2015 03:22:53 +0000
-
openjdk-7 (7u85-2.6.1-5ubuntu0.14.04.1) trusty-security; urgency=medium
* Backport to Ubuntu 14.04 LTS.
openjdk-7 (7u85-2.6.1-5ubuntu0.15.10.1) wily-security; urgency=medium
* SECURITY UPDATE:
- S8048030, CVE-2015-4734: Expectations should be consistent
- S8068842, CVE-2015-4803: Better JAXP data handling
- S8076339, CVE-2015-4903: Better handling of remote object invocation
- S8076383, CVE-2015-4835: Better CORBA exception handling
- S8076387, CVE-2015-4882: Better CORBA value handling
- S8076392, CVE-2015-4881: Improve IIOPInputStream consistency
- S8076413, CVE-2015-4883: Better JRMP message handling
- S8078427, CVE-2015-4842: More supportive home environment
- S8078440: Safer managed types
- S8080541: More direct property handling
- S8080688, CVE-2015-4860: Service for DGC services
- S8081744, CVE-2015-4868: Clear out list corner case
- S8081760: Better group dynamics
- S8086092. CVE-2015-4840: More palette improvements
- S8086733, CVE-2015-4893: Improve namespace handling
- S8087350: Improve array conversions
- S8103671, CVE-2015-4805: More objective stream classes
- S8103675: Better Binary searches
- S8129611: Accessbridge error handling improvement
- S8130078, CVE-2015-4911: Document better processing
- S8130185: More accessible access switch
- S8130193, CVE-2015-4806: Improve HTTP connections
- S8130864: Better server identity handling
- S8130891, CVE-2015-4843: (bf) More direct buffering
- S8131291, CVE-2015-4872: Perfect parameter patterning
- S8132042, CVE-2015-4844: Preserve layout presentation
* S6966259: Make PrincipalName and Realm immutable, required for S8048030
* S8078822: 8068842 fix missed one new file
PrimeNumberSequenceGenerator.java
-- Tiago Stürmer Daitx <email address hidden> Tue, 20 Oct 2015 18:44:31 +0000
-
openjdk-7 (7u79-2.5.6-0ubuntu1.14.04.1) trusty-security; urgency=medium
* Backport to Ubuntu 14.04 LTS.
-- Steve Beattie <email address hidden> Thu, 23 Jul 2015 23:10:03 -0700
-
openjdk-7 (7u79-2.5.5-0ubuntu0.14.04.2) trusty-security; urgency=medium
* Backport to 14.04 LTS.
openjdk-7 (7u79-2.5.5-0ubuntu1) vivid; urgency=high
* IcedTea7 2.5.5 release (based on OpenJDK 7u79).
* Security fixes
- S8059064: Better G1 log caching.
- S8060461: Fix for JDK-8042609 uncovers additional issue.
- S8064601, CVE-2015-0480: Improve jar file handling.
- S8065286: Fewer subtable substitutions.
- S8065291: Improved font lookups.
- S8066479: Better certificate chain validation.
- S8067050: Better font consistency checking.
- S8067684: Better font substitutions.
- S8067699, CVE-2015-0469: Better glyph storage.
- S8068320, CVE-2015-0477: Limit applet requests.
- S8068720, CVE-2015-0488: Better certificate options checking.
- S8069198: Upgrade image library.
- S8071726, CVE-2015-0478: Better RSA optimizations.
- S8071818: Better vectorization on SPARC.
- S8071931, CVE-2015-0460: Return of the phantom menace.
* Build the documentation when building with a Hotspot VM. Closes: #781577.
* openjdk-7-jre.preinst: Fix version for alternatives cleanup.
Closes: #775072.
* Re-enable HotSpot on SPARC; zero doesn't workm and there seems to be
some work ongoing upstream.
* Refresh patches.
* Only install the openjdk-java.desktop file when using cautious-launcher.
-- Steve Beattie <email address hidden> Wed, 15 Apr 2015 19:09:50 -0700
-
openjdk-7 (7u75-2.5.4-1~trusty1) trusty-security; urgency=medium
* Backport to trusty
openjdk-7 (7u75-2.5.4-1) unstable; urgency=high
* IcedTea7 2.5.4 release (based on OpenJDK 7u75).
* Security fixes
- S8046656: Update protocol support.
- S8047125, CVE-2015-0395: (ref) More phantom object references.
- S8047130: Fewer escapes from escape analysis.
- S8048035, CVE-2015-0400: Ensure proper proxy protocols.
- S8049253: Better GC validation.
- S8050807, CVE-2015-0383: Better performing performance data handling.
- S8054367, CVE-2015-0412: More references for endpoints.
- S8055304, CVE-2015-0407: More boxing for DirectoryComboBoxModel.
- S8055309, CVE-2015-0408: RMI needs better transportation considerations.
- S8055479: TLAB stability.
- S8055489, CVE-2014-6585: Better substitution formats.
- S8056264, CVE-2014-6587: Multicast support improvements.
- S8056276, CVE-2014-6591: Fontmanager feature improvements.
- S8057555, CVE-2014-6593: Less cryptic cipher suite management.
- S8058982, CVE-2014-6601: Better verification of an exceptional invokespecial.
- S8059485, CVE-2015-0410: Resolve parsing ambiguity.
- S8061210, CVE-2014-3566: Issues in TLS.
openjdk-7 (7u71-2.5.3-2) unstable; urgency=medium
* Regenerate the .orig.tar to omit a third hotspot tarball.
* Really fix the libjpeg runtime dependency for sid and jessie.
Closes: #766601.
* Fix regression running JamVM after the 2.5.3 security update.
Closes: #767771. LP: #1382205.
* Fix regression running CACAO after the 2.5.3 security update.
* Backport S8000897, VM crash in CompileBroker. Closes: #768747.
* Fix building icedtea-sound on x32 (patch dropped in 7u71-2.5.3-1).
Closes: #766610.
* Don't use the compatibility path names from the ttf-dejavu packages
for recent releases. LP: #1362099.
-- Jamie Strandboge <email address hidden> Mon, 26 Jan 2015 17:37:17 -0600
-
openjdk-7 (7u71-2.5.3-0ubuntu0.14.04.1) trusty-security; urgency=medium
* Backport to 14.04 LTS
-- Jamie Strandboge <email address hidden> Tue, 21 Oct 2014 22:25:54 -0400
-
openjdk-7 (7u65-2.5.2-3~14.04) trusty-proposed; urgency=medium
* Regenerate the control file.
openjdk-7 (7u65-2.5.2-3) unstable; urgency=medium
* Enable systemtap for development versions.
* Fix the icedtea-sound build on x32. Closes: #760436.
* Enable the template interpreter for ppc64 and ppc64el.
openjdk-7 (7u65-2.5.2-2) unstable; urgency=medium
* Update JamVM patch for kfreebsd (Steven Chamberlain). Closes: #760160.
openjdk-7 (7u65-2.5.2-1) unstable; urgency=medium
* IcedTea7 2.5.2 release (based on OpenJDK 7u65).
* Update JamVM to 2.0.0.
* Update the hotspot for AArch64, rev 778cb4032983.
openjdk-7 (7u65-2.5.1-5) unstable; urgency=medium
* Fix quoting of configure args for the zero build.
* Fix a stack verifier regression in the latest security updates.
http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/bad107a5d096
(Bill Huey) LP: #1360392.
* Don't ship the apt binary anymore for new releases (deprecated upstream).
* Let openjdk-7-source replace openjdk-7-jdk, widening the version range.
* Update the hotspot for AArch64, rev 778cb4032983.
-- Matthias Klose <email address hidden> Tue, 09 Sep 2014 14:55:43 +0200
-
openjdk-7 (7u65-2.5.1-4ubuntu1~0.14.04.2) trusty-security; urgency=medium
[ Matthias Klose ]
* debian/patches/it-aarch64-zero-default.diff: fix quoting of configure args
for the zero build.
[ Bill Huey ]
* Fix a stack verifier regression in the latest security updates
- http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/bad107a5d096
- LP: #1360392
-- Bill Huey <email address hidden> Sat, 23 Aug 2014 07:35:37 -0500
-
openjdk-7 (7u65-2.5.1-4ubuntu1~0.14.04.1) trusty-security; urgency=medium
* Backport for Ubuntu 14.04 LTS
openjdk-7 (7u65-2.5.1-4ubuntu1) utopic; urgency=medium
* Merge from Debian 7u65-2.5.1-4
openjdk-7 (7u65-2.5.1-4) unstable; urgency=medium
* Let the file system check for the libpcsclite library succeed again,
although we are not using it. Closes: #755893.
openjdk-7 (7u65-2.5.1-3) unstable; urgency=medium
* Use the system libpcsclite library. Closes: #754952.
* Let openjdk-7-source replace openjdk-7-jdk. Closes: #755126.
openjdk-7 (7u65-2.5.1-2) unstable; urgency=medium
* openjdk-7-jdk: Fix src.zip symlink. Closes: #755126.
-- Jamie Strandboge <email address hidden> Fri, 01 Aug 2014 15:38:06 -0500
-
openjdk-7 (7u55-2.4.7-1ubuntu1) trusty-security; urgency=medium
* Regenerate the control file.
openjdk-7 (7u55-2.4.7-1) unstable; urgency=high
* IcedTea7 2.4.7 release.
* Security fixes
- S8023046: Enhance splashscreen support.
- S8025005: Enhance CORBA initializations.
- S8025010, CVE-2014-2412: Enhance AWT contexts.
- S8025030, CVE-2014-2414: Enhance stream handling.
- S8025152, CVE-2014-0458: Enhance activation set up.
- S8026067: Enhance signed jar verification.
- S8026163, CVE-2014-2427: Enhance media provisioning.
- S8026188, CVE-2014-2423: Enhance envelope factory.
- S8026200: Enhance RowSet Factory.
- S8026716, CVE-2014-2402: (aio) Enhance asynchronous channel handling.
- S8026736, CVE-2014-2398: Enhance Javadoc pages.
- S8026797, CVE-2014-0451: Enhance data transfers.
- S8026801, CVE-2014-0452: Enhance endpoint addressing.
- S8027766, CVE-2014-0453: Enhance RSA processing.
- S8027775: Enhance ICU code.
- S8027841, CVE-2014-0429: Enhance pixel manipulations.
- S8028385: Enhance RowSet Factory.
- S8029282, CVE-2014-2403: Enhance CharInfo set up.
- S8029286: Enhance subject delegation.
- S8029699: Update Poller demo.
- S8029730: Improve audio device additions.
- S8029735: Enhance service mgmt natives.
- S8029740, CVE-2014-0446: Enhance handling of loggers.
- S8029745, CVE-2014-0454: Enhance algorithm checking.
- S8029750: Enhance LCMS color processing (LCMS 2 only).
- S8029760, CVE-2013-6629: Enhance AWT image libraries (in-tree libjpeg).
- S8029844, CVE-2014-0455: Enhance argument validation.
- S8029854, CVE-2014-2421: Enhance JPEG decodings.
- S8029858, CVE-2014-0456: Enhance array copies.
- S8030731, CVE-2014-0460: Improve name service robustness.
- S8031330: Refactor ObjectFactory.
- S8031335, CVE-2014-0459: Better color profiling.
- S8031352, CVE-2013-6954: Enhance PNG handling (in-tree libpng).
- S8031394, CVE-2014-0457: (sl) Fix exception handling in ServiceLoader.
- S8031395: Enhance LDAP processing.
- S8032686, CVE-2014-2413: Issues with method invoke.
- S8033618, CVE-2014-1876: Correct logging output.
- S8034926, CVE-2014-2397: Attribute classes properly.
- S8036794, CVE-2014-0461: Manage JavaScript instances.
* AArch64 fixes.
-- Matthias Klose <email address hidden> Wed, 16 Apr 2014 15:45:13 +0200
-
openjdk-7 (7u51-2.4.6-1ubuntu4) trusty; urgency=medium
* AArch64 hotspot fixes (Ed Nevill):
- Use gcc __clear_cache instead of doing it ourselves.
- Preserve callee save FP registers around call to java code.
-- Matthias Klose <email address hidden> Tue, 08 Apr 2014 00:35:52 +0200
-
openjdk-7 (7u51-2.4.6-1ubuntu3) trusty; urgency=medium
* Don't search ecj.jar when it is not required for the build.
-- Matthias Klose <email address hidden> Tue, 01 Apr 2014 11:07:32 +0200
-
openjdk-7 (7u51-2.4.6-1ubuntu2) trusty; urgency=medium
* Fix the AArch64 build.
* Regenerate the control file.
-- Matthias Klose <email address hidden> Tue, 01 Apr 2014 09:46:54 +0200
-
openjdk-7 (7u51-2.4.6-1ubuntu1) trusty; urgency=medium
* Regenerate the control file.
openjdk-7 (7u51-2.4.6-1) unstable; urgency=medium
* IcedTea7 2.4.6 release.
* Explicitly use AC_MAINTAINER_MODE and automake-1.11 to create the
debian .orig tarball. Addresses: #740289.
* Apply patch from upstream to fix bold fonts in Swing applications using
GTK L&F (Ryan Tandy). LP: #937200.
-- Matthias Klose <email address hidden> Mon, 31 Mar 2014 14:50:04 +0200
-
openjdk-7 (7u51-2.4.6~pre1-1ubuntu2) trusty; urgency=medium
* Configure with --disable-arm32-jit for armel and armhf.
-- Matthias Klose <email address hidden> Fri, 28 Mar 2014 02:49:09 +0100
-
openjdk-7 (7u51-2.4.6~pre1-1ubuntu1) trusty; urgency=medium
* Regenerate the control file.
openjdk-7 (7u51-2.4.6~pre1-1) unstable; urgency=medium
* IcedTea7 2.4.6 prerelease.
* Fix icedtea-web build failure on kfreebsd-* (unable to find
sun.security.util.SecurityConstants). Steven Chamberlain. Closes: #739032.
* Update the AArch64 Hotspot.
-- Matthias Klose <email address hidden> Thu, 27 Mar 2014 18:46:37 +0100
-
openjdk-7 (7u51-2.4.5-1ubuntu1) trusty; urgency=medium
* Regenerate the control file.
openjdk-7 (7u51-2.4.5-1) unstable; urgency=medium
* IcedTea7 2.4.5 release.
* Build Hotspot client and server vms for AArch64.
-- Matthias Klose <email address hidden> Fri, 31 Jan 2014 12:49:02 +0000
-
openjdk-7 (7u51-2.4.4-1ubuntu1) trusty; urgency=medium
* Regenerate the control file.
-- Matthias Klose <email address hidden> Wed, 15 Jan 2014 13:49:28 +0100
-
openjdk-7 (7u45-2.4.3-4ubuntu2) trusty; urgency=medium
* Run the jtreg tests on powerpcspe, tested by Roland Stigge.
* Fix zero builds on 64k page kernel configs.
-- Matthias Klose <email address hidden> Sat, 28 Dec 2013 21:52:05 +0100
-
openjdk-7 (7u45-2.4.3-4ubuntu1) trusty; urgency=medium
* Regenerate the control file.
-- Matthias Klose <email address hidden> Mon, 23 Dec 2013 03:51:14 +0100
-
openjdk-7 (7u45-2.4.3-3ubuntu2) trusty; urgency=low
* Increase VMThreadStackSize for zero architectures to 640 (32bit),
1280 (64bit), 1920 (ppc64el).
-- Matthias Klose <email address hidden> Sat, 21 Dec 2013 13:47:09 +0100
-
openjdk-7 (7u45-2.4.3-3ubuntu1) trusty; urgency=low
* Regenerate the control file.
openjdk-7 (7u45-2.4.3-3) unstable; urgency=low
* Don't build on s390 anymore.
* Update hotspot-mips-align patch (Aurelien Jarno). Closes: #732528).
* Build for ppc64el.
* Try to build zero on x32.
* Configure with --enable-zero on sparc and sparc64.
openjdk-7 (7u45-2.4.3-2.3) unstable; urgency=medium
* Disable bootstrap build on alpha. Closes: #719671.
* Disable running the jdk jtreg tests on the hotspot architectures.
Hanging on the buildds.
* Re-enable the jexec patch, program logic confused by running jexec
outside the assumed java home. Closes: #731961.
* Don't apply the s390 patches on s390x. s390 is successfully dead.
* Fix zero builds on little endian architectures, taken from the trunk.
openjdk-7 (7u45-2.4.3-1) unstable; urgency=medium
* IcedTea7 2.4.3 release.
* Security fixes:
- S8006900, CVE-2013-3829: Add new date/time capability.
- S8008589: Better MBean permission validation.
- S8011071, CVE-2013-5780: Better crypto provider handling.
- S8011081, CVE-2013-5772: Improve jhat.
- S8011157, CVE-2013-5814: Improve CORBA portablility.
- S8012071, CVE-2013-5790: Better Building of Beans.
- S8012147: Improve tool support.
- S8012277: CVE-2013-5849: Improve AWT DataFlavor.
- S8012425, CVE-2013-5802: Transform TransformerFactory.
- S8013503, CVE-2013-5851: Improve stream factories.
- S8013506: Better Pack200 data handling.
- S8013510, CVE-2013-5809: Augment image writing code.
- S8013514: Improve stability of cmap class.
- S8013739, CVE-2013-5817: Better LDAP resource management.
- S8013744, CVE-2013-5783: Better tabling for AWT.
- S8014085: Better serialization support in JMX classes.
- S8014093, CVE-2013-5782: Improve parsing of images.
- S8014098: Better profile validation.
- S8014102, CVE-2013-5778: Improve image conversion.
- S8014341, CVE-2013-5803: Better service from Kerberos servers.
- S8014349, CVE-2013-5840: (cl) Class.getDeclaredClass problematic
in some class loader configurations.
- S8014530, CVE-2013-5825: Better digital signature processing.
- S8014534: Better profiling support.
- S8014987, CVE-2013-5842: Augment serialization handling.
- S8015614: Update build settings.
- S8015731: Subject java.security.auth.subject to improvements.
- S8015743, CVE-2013-5774: Address internet addresses.
- S8016256: Make finalization final.
- S8016653, CVE-2013-5804: javadoc should ignore ignoreable characters
in names.
- S8016675, CVE-2013-5797: Make Javadoc pages more robust.
- S8017196, CVE-2013-5850: Ensure Proxies are handled appropriately.
- S8017287, CVE-2013-5829: Better resource disposal.
- S8017291, CVE-2013-5830: Cast Proxies Aside.
- S8017298, CVE-2013-4002: Better XML support.
- S8017300, CVE-2013-5784: Improve Interface Implementation.
- S8017505, CVE-2013-5820: Better Client Service.
- S8019292: Better Attribute Value Exceptions.
- S8019617: Better view of objects.
- S8020293: JVM crash.
- S8021275, CVE-2013-5805: Better screening for ScreenMenu.
- S8021282, CVE-2013-5806: Better recycling of object instances.
- S8021286: Improve MacOS resourcing.
- S8021290, CVE-2013-5823: Better signature validation.
- S8022931, CVE-2013-5800: Enhance Kerberos exceptions.
- S8022940: Enhance CORBA translations.
- S8023683: Enhance class file parsing.
* Fix build failure on mips* (Aurelien Jarno). Closes: #729448).
* Run autoreconf. Closes: #724083.
* Merge the -jre-lib package into -jre-headless. Simplifies the packaging
and the savings were not as big as wanted, because the rt.jar is still
architecture dependant. Closes: #641049, #722510.
-- Matthias Klose <email address hidden> Fri, 20 Dec 2013 14:49:08 +0100
-
openjdk-7 (7u25-2.3.12-4ubuntu5) trusty; urgency=medium
* Don't build hotspot on i386, currently broken by glibc-2.18.
Default to zero on i386.
-- Matthias Klose <email address hidden> Wed, 18 Dec 2013 01:59:46 +0100
-
openjdk-7 (7u25-2.3.12-4ubuntu4) trusty; urgency=medium
* Build for ppc64el.
-- Matthias Klose <email address hidden> Mon, 16 Dec 2013 23:52:22 +0100
-
openjdk-7 (7u25-2.3.12-4ubuntu3) saucy; urgency=low
* Apply missing patch to fix arm64/AArch64 detection.
-- Matthias Klose <email address hidden> Fri, 11 Oct 2013 17:51:33 +0200
