-
openjdk-7 (7u79-2.5.5-0ubuntu0.14.10.2) utopic-security; urgency=medium
* Backport to 14.10.
openjdk-7 (7u79-2.5.5-0ubuntu1) vivid; urgency=high
* IcedTea7 2.5.5 release (based on OpenJDK 7u79).
* Security fixes
- S8059064: Better G1 log caching.
- S8060461: Fix for JDK-8042609 uncovers additional issue.
- S8064601, CVE-2015-0480: Improve jar file handling.
- S8065286: Fewer subtable substitutions.
- S8065291: Improved font lookups.
- S8066479: Better certificate chain validation.
- S8067050: Better font consistency checking.
- S8067684: Better font substitutions.
- S8067699, CVE-2015-0469: Better glyph storage.
- S8068320, CVE-2015-0477: Limit applet requests.
- S8068720, CVE-2015-0488: Better certificate options checking.
- S8069198: Upgrade image library.
- S8071726, CVE-2015-0478: Better RSA optimizations.
- S8071818: Better vectorization on SPARC.
- S8071931, CVE-2015-0460: Return of the phantom menace.
* Build the documentation when building with a Hotspot VM. Closes: #781577.
* openjdk-7-jre.preinst: Fix version for alternatives cleanup.
Closes: #775072.
* Re-enable HotSpot on SPARC; zero doesn't workm and there seems to be
some work ongoing upstream.
* Refresh patches.
* Only install the openjdk-java.desktop file when using cautious-launcher.
-- Steve Beattie <email address hidden> Wed, 15 Apr 2015 17:58:40 -0700
-
openjdk-7 (7u75-2.5.4-1~utopic1) utopic-security; urgency=medium
* Backport to utopic
openjdk-7 (7u75-2.5.4-1) unstable; urgency=high
* IcedTea7 2.5.4 release (based on OpenJDK 7u75).
* Security fixes
- S8046656: Update protocol support.
- S8047125, CVE-2015-0395: (ref) More phantom object references.
- S8047130: Fewer escapes from escape analysis.
- S8048035, CVE-2015-0400: Ensure proper proxy protocols.
- S8049253: Better GC validation.
- S8050807, CVE-2015-0383: Better performing performance data handling.
- S8054367, CVE-2015-0412: More references for endpoints.
- S8055304, CVE-2015-0407: More boxing for DirectoryComboBoxModel.
- S8055309, CVE-2015-0408: RMI needs better transportation considerations.
- S8055479: TLAB stability.
- S8055489, CVE-2014-6585: Better substitution formats.
- S8056264, CVE-2014-6587: Multicast support improvements.
- S8056276, CVE-2014-6591: Fontmanager feature improvements.
- S8057555, CVE-2014-6593: Less cryptic cipher suite management.
- S8058982, CVE-2014-6601: Better verification of an exceptional invokespecial.
- S8059485, CVE-2015-0410: Resolve parsing ambiguity.
- S8061210, CVE-2014-3566: Issues in TLS.
openjdk-7 (7u71-2.5.3-2) unstable; urgency=medium
* Regenerate the .orig.tar to omit a third hotspot tarball.
* Really fix the libjpeg runtime dependency for sid and jessie.
Closes: #766601.
* Fix regression running JamVM after the 2.5.3 security update.
Closes: #767771. LP: #1382205.
* Fix regression running CACAO after the 2.5.3 security update.
* Backport S8000897, VM crash in CompileBroker. Closes: #768747.
* Fix building icedtea-sound on x32 (patch dropped in 7u71-2.5.3-1).
Closes: #766610.
* Don't use the compatibility path names from the ttf-dejavu packages
for recent releases. LP: #1362099.
-- Jamie Strandboge <email address hidden> Mon, 26 Jan 2015 17:35:46 -0600
-
openjdk-7 (7u71-2.5.3-0ubuntu1) utopic; urgency=medium
[ Matthias Klose ]
* Change B-D to libjpeg-dev to finish the transition to libjpeg-turbo
(Ondřej Surý). Closes: #763489.
* Depend on libnss3 instead of libnss3-1d for recent releases.
Addresses: #760122.
[ Bill Huey ]
* icedtea-7-2.5.3 refresh, jamvm-2.0.0 and icetea-sound-1.0.1
* Security fixes
- S8015256: Better class accessibility
- S8022783, CVE-2014-6504: Optimize C2 optimizations
- S8035162: Service printing service
- S8035781: Improve equality for annotations
- S8036805: Correct linker method lookup.
- S8036810: Correct linker field lookup
- S8036936: Use local locales
- S8037066, CVE-2014-6457: Secure transport layer
- S8037846, CVE-2014-6558: Ensure streaming of input cipher streams
- S8038364: Use certificate exceptions correctly
- S8038899: Safer safepoints
- S8038903: More native monitor monitoring
- S8038908: Make Signature more robust
- S8038913: Bolster XML support
- S8039509, CVE-2014-6512: Wrap sockets more thoroughly
- S8039533, CVE-2014-6517: Higher resolution resolvers
- S8041540, CVE-2014-6511: Better use of pages in font processing
- S8041529: Better parameterization of parameter lists
- S8041545: Better validation of generated rasters
- S8041564, CVE-2014-6506: Improved management of logger resources
- S8041717, CVE-2014-6519: Issue with class file parser
- S8042609, CVE-2014-6513: Limit splashiness of splash images
- S8042797, CVE-2014-6502: Avoid strawberries in LogRecord
- S8044274, CVE-2014-6531: Proper property processing
-- Bill Huey <email address hidden> Wed, 08 Oct 2014 14:56:59 -0700
-
openjdk-7 (7u65-2.5.2-4) unstable; urgency=medium
* Update the hotspot for AArch64, rev 9580ebccfdc3.
* Don't install tapset files. Not yet ready. Closes: #761043.
-- Matthias Klose <email address hidden> Thu, 18 Sep 2014 02:41:41 +0200
-
openjdk-7 (7u65-2.5.2-3) unstable; urgency=medium
* Enable systemtap for development versions.
* Fix the icedtea-sound build on x32. Closes: #760436.
* Enable the template interpreter for ppc64 and ppc64el.
-- Matthias Klose <email address hidden> Tue, 09 Sep 2014 14:38:10 +0200
-
openjdk-7 (7u65-2.5.1-5ubuntu1) utopic; urgency=medium
* Merge from Debian 7u65-2.5.1-5
openjdk-7 (7u65-2.5.1-5) unstable; urgency=medium
* Fix quoting of configure args for the zero build.
* Fix a stack verifier regression in the latest security updates.
http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/bad107a5d096
(Bill Huey) LP: #1360392.
* Don't ship the apt binary anymore for new releases (deprecated upstream).
* Let openjdk-7-source replace openjdk-7-jdk, widening the version range.
* Update the hotspot for AArch64, rev 778cb4032983.
-- Jamie Strandboge <email address hidden> Mon, 25 Aug 2014 12:53:54 -0500
-
openjdk-7 (7u65-2.5.1-4ubuntu2) utopic; urgency=medium
[ Matthias Klose ]
* debian/patches/it-aarch64-zero-default.diff: fix quoting of configure args
for the zero build.
[ Bill Huey ]
* Fix a stack verifier regression in the latest security updates
- http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/bad107a5d096
- LP: #1360392
-- Bill Huey <email address hidden> Fri, 22 Aug 2014 15:00:40 -0700
-
openjdk-7 (7u65-2.5.1-4ubuntu1) utopic; urgency=medium
* Merge from Debian 7u65-2.5.1-4
openjdk-7 (7u65-2.5.1-4) unstable; urgency=medium
* Let the file system check for the libpcsclite library succeed again,
although we are not using it. Closes: #755893.
openjdk-7 (7u65-2.5.1-3) unstable; urgency=medium
* Use the system libpcsclite library. Closes: #754952.
* Let openjdk-7-source replace openjdk-7-jdk. Closes: #755126.
openjdk-7 (7u65-2.5.1-2) unstable; urgency=medium
* openjdk-7-jdk: Fix src.zip symlink. Closes: #755126.
-- Bill Huey <email address hidden> Mon, 28 Jul 2014 13:46:43 -0700
-
openjdk-7 (7u65-2.5.1-1ubuntu1) utopic; urgency=medium
* Regenerate the control file.
openjdk-7 (7u65-2.5.1-1) unstable; urgency=high
* IcedTea7 2.5.1 release (based on OpenJDK 7u65).
* Security fixes:
- S8029755, CVE-2014-4209: Enhance subject class.
- S8030763: Validate global memory allocation.
- S8031340, CVE-2014-4264: Better TLS/EC management.
- S8031346, CVE-2014-4244: Enhance RSA key handling.
- S8031540: Introduce document horizon.
- S8032536: JVM resolves wrong method in some unusual cases.
- S8033055: Issues in 2d.
- S8033301, CVE-2014-4266: Build more informative InfoBuilder.
- S8034267: Probabilistic native crash.
- S8034272: Do not cram data into CRAM arrays.
- S8034985, CVE-2014-2483: Better form for Lambda Forms.
- S8035004, CVE-2014-4252: Provider provides less service.
- S8035009, CVE-2014-4218: Make Proxy representations consistent.
- S8035119, CVE-2014-4219: Fix exceptions to bytecode verification.
- S8035699, CVE-2014-4268: File choosers should be choosier.
- S8035788. CVE-2014-4221: Provide more consistency for lookups.
- S8035793, CVE-2014-4223: Maximum arity maxed out.
- S8036571: (process) Process process arguments carefully.
- S8036800: Attribute OOM to correct part of code.
- S8037046: Validate libraries to be loaded.
- S8037076, CVE-2014-2490: Check constant pool constants.
- S8037157: Verify <init> call.
- S8037162, CVE-2014-4263: More robust DH exchanges.
- S8037167, CVE-2014-4216: Better method signature resolution.
- S8039520, CVE-2014-4262: More atomicity of atomic updates.
* Build libjsig and libsaproc with hardening defaults.
* Fix some lintian warnings.
* Move libjavagtk into the -jre package. Closes: #754770.
* Recognize -dcevm as a jvm. Closes: #748625.
* Install the src.zip into an architecture independent path. Closes: #749648.
-- Matthias Klose <email address hidden> Thu, 17 Jul 2014 00:34:37 +0200
-
openjdk-7 (7u60-2.5.0-2ubuntu1) utopic; urgency=medium
* Merge with Debian; remaining changes:
- Build using a different .orig.tar.gz.
- Add the IcedTea Sound tarball as an uuencoded file.
- debian/generate-debian-orig.sh: Rename the debian checkout.
openjdk-7 (7u60-2.5.0-2) unstable; urgency=high
* Refresh KFreeBSD patches (Steven Chamberlain). Closes: #754214.
* Backport S7179339, xrender pipeline creates graphics corruption.
(Matthias Bläsing). LP: #1101348.
* Configure with --disable-infinality. Closes: #754343. LP: #1338897.
-- Matthias Klose <email address hidden> Thu, 10 Jul 2014 18:04:57 +0200
-
openjdk-7 (7u60-2.5.0-1ubuntu3) utopic; urgency=medium
* Don't apply ppc64el.diff for the AArch64 hotspot build.
openjdk-7 (7u60-2.5.0-1ubuntu2) utopic; urgency=medium
* Fix applying local patches.
openjdk-7 (7u60-2.5.0-1ubuntu1) utopic; urgency=medium
* Merge with Debian; remaining changes:
- Build using a different .orig.tar.gz.
- Add the IcedTea Sound tarball as an uuencoded file.
- debian/generate-debian-orig.sh: Rename the debian checkout.
openjdk-7 (7u60-2.5.0-1) utopic; urgency=medium
* IcedTea7 2.5.0 release (based on OpenJDK 7u60).
* Convert to package format 3.0 (quilt).
* Add the IcedTea Sound tarball.
* Build the hotspot VM for ppc64 and ppc64el.
* Replace the IcedTea patch system with quilt.
* Re-enable the ARM assembler interpreter.
openjdk-7 (7u60-2.5.0-0ubuntu4) utopic; urgency=medium
* Fix the AArch64 build.
-- Matthias Klose <email address hidden> Mon, 07 Jul 2014 13:44:28 +0200
-
openjdk-7 (7u60-2.5.0-1ubuntu2) utopic; urgency=medium
* Fix applying local patches.
openjdk-7 (7u60-2.5.0-1ubuntu1) utopic; urgency=medium
* Merge with Debian; remaining changes:
- Build using a different .orig.tar.gz.
- Add the IcedTea Sound tarball as an uuencoded file.
- debian/generate-debian-orig.sh: Rename the debian checkout.
openjdk-7 (7u60-2.5.0-1) utopic; urgency=medium
* IcedTea7 2.5.0 release (based on OpenJDK 7u60).
* Convert to package format 3.0 (quilt).
* Add the IcedTea Sound tarball.
* Build the hotspot VM for ppc64 and ppc64el.
* Replace the IcedTea patch system with quilt.
* Re-enable the ARM assembler interpreter.
openjdk-7 (7u60-2.5.0-0ubuntu4) utopic; urgency=medium
* Fix the AArch64 build.
-- Matthias Klose <email address hidden> Mon, 07 Jul 2014 12:41:17 +0200
-
openjdk-7 (7u60-2.5.0-1ubuntu1) utopic; urgency=medium
* Merge with Debian; remaining changes:
- Build using a different .orig.tar.gz.
- Add the IcedTea Sound tarball as an uuencoded file.
- debian/generate-debian-orig.sh: Rename the debian checkout.
-- Matthias Klose <email address hidden> Sun, 06 Jul 2014 18:55:01 +0200
-
openjdk-7 (7u60-2.5.0-0ubuntu3) utopic; urgency=medium
* Re-add the zero-sparc patch.
* Build the hotspot VM for ppc64 and ppc64el.
-- Matthias Klose <email address hidden> Sun, 06 Jul 2014 11:13:09 +0200
-
openjdk-7 (7u60-2.5.0-0ubuntu2) utopic; urgency=medium
* Re-add the zero-sparc patch.
* Build the hotspot VM for ppc64 and ppc64el.
-- Matthias Klose <email address hidden> Sun, 06 Jul 2014 11:13:09 +0200
-
openjdk-7 (7u60-2.5.0-0ubuntu1) utopic; urgency=medium
* IcedTea7 2.5.0 release (based on OpenJDK 7u60).
-- Bill Huey <email address hidden> Wed, 25 Jun 2014 14:09:35 -0700
-
openjdk-7 (7u55-2.5~pre1-0ubuntu2) utopic; urgency=medium
* Fix sparc 'zero' architecture patch work arounds
* integrate the icedtea7-2.5 branch
-- Bill Huey <email address hidden> Wed, 28 May 2014 03:19:28 -0700
-
openjdk-7 (7u55-2.4.7-1ubuntu1) trusty-security; urgency=medium
* Regenerate the control file.
openjdk-7 (7u55-2.4.7-1) unstable; urgency=high
* IcedTea7 2.4.7 release.
* Security fixes
- S8023046: Enhance splashscreen support.
- S8025005: Enhance CORBA initializations.
- S8025010, CVE-2014-2412: Enhance AWT contexts.
- S8025030, CVE-2014-2414: Enhance stream handling.
- S8025152, CVE-2014-0458: Enhance activation set up.
- S8026067: Enhance signed jar verification.
- S8026163, CVE-2014-2427: Enhance media provisioning.
- S8026188, CVE-2014-2423: Enhance envelope factory.
- S8026200: Enhance RowSet Factory.
- S8026716, CVE-2014-2402: (aio) Enhance asynchronous channel handling.
- S8026736, CVE-2014-2398: Enhance Javadoc pages.
- S8026797, CVE-2014-0451: Enhance data transfers.
- S8026801, CVE-2014-0452: Enhance endpoint addressing.
- S8027766, CVE-2014-0453: Enhance RSA processing.
- S8027775: Enhance ICU code.
- S8027841, CVE-2014-0429: Enhance pixel manipulations.
- S8028385: Enhance RowSet Factory.
- S8029282, CVE-2014-2403: Enhance CharInfo set up.
- S8029286: Enhance subject delegation.
- S8029699: Update Poller demo.
- S8029730: Improve audio device additions.
- S8029735: Enhance service mgmt natives.
- S8029740, CVE-2014-0446: Enhance handling of loggers.
- S8029745, CVE-2014-0454: Enhance algorithm checking.
- S8029750: Enhance LCMS color processing (LCMS 2 only).
- S8029760, CVE-2013-6629: Enhance AWT image libraries (in-tree libjpeg).
- S8029844, CVE-2014-0455: Enhance argument validation.
- S8029854, CVE-2014-2421: Enhance JPEG decodings.
- S8029858, CVE-2014-0456: Enhance array copies.
- S8030731, CVE-2014-0460: Improve name service robustness.
- S8031330: Refactor ObjectFactory.
- S8031335, CVE-2014-0459: Better color profiling.
- S8031352, CVE-2013-6954: Enhance PNG handling (in-tree libpng).
- S8031394, CVE-2014-0457: (sl) Fix exception handling in ServiceLoader.
- S8031395: Enhance LDAP processing.
- S8032686, CVE-2014-2413: Issues with method invoke.
- S8033618, CVE-2014-1876: Correct logging output.
- S8034926, CVE-2014-2397: Attribute classes properly.
- S8036794, CVE-2014-0461: Manage JavaScript instances.
* AArch64 fixes.
-- Matthias Klose <email address hidden> Wed, 16 Apr 2014 15:45:13 +0200
-
openjdk-7 (7u51-2.4.6-1ubuntu4) trusty; urgency=medium
* AArch64 hotspot fixes (Ed Nevill):
- Use gcc __clear_cache instead of doing it ourselves.
- Preserve callee save FP registers around call to java code.
-- Matthias Klose <email address hidden> Tue, 08 Apr 2014 00:35:52 +0200