-
openjdk-7 (7u101-2.6.6-0ubuntu0.15.10.1) wily-security; urgency=medium
* IcedTea release 2.6.6 (based on 7u101):
* Security fixes
- S8129952, CVE-2016-0686: Ensure thread consistency
- S8132051, CVE-2016-0687: Better byte behavior
- S8138593, CVE-2016-0695: Make DSA more fair
- S8139008: Better state table management
- S8143167, CVE-2016-3425: Better buffering of XML strings
- S8144430, CVE-2016-3427: Improve JMX connections
- S8146494: Better ligature substitution
- S8146498: Better device table adjustments
* debian/patches/jdk-8152335-improve-methodhandle-consistency.patch:
removed, fix is upstream since 2.6.5
* Disable arm32-jit for armhf and armel, broken by hotspot security patches.
openjdk-7 (7u95-2.6.4-3) experimental; urgency=medium
[ Tiago Stürmer Daitx ]
* SECURITY UPDATE: Applies to client deployment of Java only. This
vulnerability can be exploited only through sandboxed Java Web Start
applications and sandboxed Java applets.
- d/p/jdk-8152335-improve-methodhandle-consistency.patch: S8152335,
CVE-2016-0636: Improve MethodHandle consistency
[ Matthias Klose ]
* Use internal tzdata for builds in stretch, unstable, experimental.
Closes: #818308.
openjdk-7 (7u95-2.6.4-2) experimental; urgency=medium
* Upload to experimental.
openjdk-7 (7u95-2.6.4-1) unstable; urgency=high
[ Tiago Stürmer Daitx ]
* IcedTea release 2.6.4 (based on 7u95):
* Security fixes
- S8059054, CVE-2016-0402: Better URL processing
- S8130710, CVE-2016-0448: Better attributes processing
- S8132210: Reinforce JMX collector internals
- S8132988: Better printing dialogues
- S8133962, CVE-2016-0466: More general limits
- S8137060: JMX memory management improvements
- S8139012: Better font substitutions
- S8139017, CVE-2016-0483: More stable image decoding
- S8140543, CVE-2016-0494: Arrange font actions
- S8143185: Cleanup for handling proxies
- S8143941, CVE-2015-8126, CVE-2015-8472: Update splashscreen displays
- S8144773, CVE-2015-7575: Further reduce use of MD5 (SLOTH)
* debian/patches/it-debian-build-flags.diff: refreshed
* debian/patches/it-set-compiler.diff: refreshed
* debian/patches/it-use-quilt.diff: refreshed
* debian/patches/it-jamvm-2.0.diff: refreshed
* debian/patches/icedtea-pretend-memory.diff: refreshed
* debian/patches/fix_extra_flags-default.diff: refreshed
* debian/patches/zero-sparc.diff: refreshed
[ Matthias Klose ]
* Remove obsolete IcedTea configure options.
* Fix build failure on squeeze (Thorsten Glaser). Closes: #809205.
* Don't run the test on mips, still having stone age buildd hardware and
empty promises to fix these issues since 2010.
-- Tiago Stürmer Daitx <email address hidden> Fri, 22 Apr 2016 17:37:04 +0000
-
openjdk-7 (7u95-2.6.4-0ubuntu0.15.10.2) wily-security; urgency=medium
* SECURITY UPDATE: Applies to client deployment of Java only. This
vulnerability can be exploited only through sandboxed Java Web Start
applications and sandboxed Java applets.
- d/p/jdk-8152335-improve-methodhandle-consistency.patch: S8152335,
CVE-2016-0636: Improve MethodHandle consistency
-- Tiago Stürmer Daitx <email address hidden> Wed, 23 Mar 2016 17:55:30 +0000
-
openjdk-7 (7u95-2.6.4-0ubuntu0.15.10.1) wily-security; urgency=medium
* Icedtea release 2.6.4 (based on 7u95)
* Security fixes
- S8059054, CVE-2016-0402: Better URL processing
- S8130710, CVE-2016-0448: Better attributes processing
- S8132210: Reinforce JMX collector internals
- S8132988: Better printing dialogues
- S8133962, CVE-2016-0466: More general limits
- S8137060: JMX memory management improvements
- S8139012: Better font substitutions
- S8139017, CVE-2016-0483: More stable image decoding
- S8140543, CVE-2016-0494: Arrange font actions
- S8143185: Cleanup for handling proxies
- S8143941, CVE-2015-8126, CVE-2015-8472: Update splashscreen displays
- S8144773, CVE-2015-7575: Further reduce use of MD5 (SLOTH)
* debian/patches/it-debian-build-flags.diff: refreshed
* debian/patches/it-set-compiler.diff: refreshed
* debian/patches/it-use-quilt.diff: refreshed
* debian/patches/it-jamvm-2.0.diff: refreshed
* debian/patches/icedtea-pretend-memory.diff: refreshed
* debian/patches/fix_extra_flags-default.diff: refreshed
* debian/patches/zero-sparc.diff: refreshed
openjdk-7 (7u91-2.6.3-3) unstable; urgency=medium
* Fix stripping packages (use bash instead of expr substring).
* openjdk-jre-headless: Add dependency on the package containing the
mountpoint binary. Closes: #803717.
* openjdk-7-jdk: Fix typo in sdk provides. Closes: #803150.
* Build using giflib 5.
openjdk-7 (7u91-2.6.3-2) unstable; urgency=medium
* Enable sparc64 for hotspot (John Paul Adrian Glaubitz).
* Add debian/patches/sparc-libproc-fix.diff to include missing
headers on sparc64 (David Matthew Mattli). Closes: #805846.
openjdk-7 (7u91-2.6.3-1) unstable; urgency=medium
[ Tiago Stürmer Daitx ]
* Icedtea release 2.6.3 (based on 7u91):
* Security fixes
- S8142882, CVE-2015-4871: rebinding of the receiver of a DirectMethodHandle may
allow a protected method to be accessed
-- Tiago Stürmer Daitx <email address hidden> Wed, 20 Jan 2016 18:57:12 +0000
-
openjdk-7 (7u91-2.6.3-0ubuntu0.15.10.1) wily-security; urgency=medium
* Icedtea release 2.6.3 (based on 7u91):
* Security fixes
- S8142882, CVE-2015-4871: rebinding of the receiver of a
DirectMethodHandle may allow a protected method to be accessed
* Bad merge in IcedTea caused 2.6.1 to leak shmem chunks, affecting
other applications such as QT and VLC, thanks Andrew Hughes for the
fix in 2.6.2. (LP: #1512760)
openjdk-7 (7u91-2.6.2-1) unstable; urgency=medium
[ Tiago Stürmer Daitx ]
* IcedTea release 2.6.2 (based on 7u91):
* Security fixes
- S8048030, CVE-2015-4734: Expectations should be consistent
- S8068842, CVE-2015-4803: Better JAXP data handling
- S8076339, CVE-2015-4903: Better handling of remote object invocation
- S8076383, CVE-2015-4835: Better CORBA exception handling
- S8076387, CVE-2015-4882: Better CORBA value handling
- S8076392, CVE-2015-4881: Improve IIOPInputStream consistency
- S8076413, CVE-2015-4883: Better JRMP message handling
- S8078427, CVE-2015-4842: More supportive home environment
- S8078440: Safer managed types
- S8080541: More direct property handling
- S8080688, CVE-2015-4860: Service for DGC services
- S8081760: Better group dynamics
- S8086092, CVE-2015-4840: More palette improvements
- S8086733, CVE-2015-4893: Improve namespace handling
- S8087350: Improve array conversions
- S8103671, CVE-2015-4805: More objective stream classes
- S8103675: Better Binary searches
- S8130078, CVE-2015-4911: Document better processing
- S8130193, CVE-2015-4806: Improve HTTP connections
- S8130864: Better server identity handling
- S8130891, CVE-2015-4843: (bf) More direct buffering
- S8131291, CVE-2015-4872: Perfect parameter patterning
- S8132042, CVE-2015-4844: Preserve layout presentation
* d/patches/it-debian-build-flags.diff: refreshed
* d/patches/it-set-compiler.diff: refreshed
* d/patches/it-use-quilt.diff: refreshed and updated
* d/patches/it-jamvm-2.0.diff: refreshed
* d/patches/xrender: removed as it was applied upstream
openjdk-7 (7u85-2.6.1-6) unstable; urgency=medium
[ Tiago Stürmer Daitx ]
* Security fixes
- S8048030, CVE-2015-4734: Expectations should be consistent
- S8068842, CVE-2015-4803: Better JAXP data handling
- S8076339, CVE-2015-4903: Better handling of remote object invocation
- S8076383, CVE-2015-4835: Better CORBA exception handling
- S8076387, CVE-2015-4882: Better CORBA value handling
- S8076392, CVE-2015-4881: Improve IIOPInputStream consistency
- S8076413, CVE-2015-4883: Better JRMP message handling
- S8078427, CVE-2015-4842: More supportive home environment
- S8078440: Safer managed types
- S8080541: More direct property handling
- S8080688, CVE-2015-4860: Service for DGC services
- S8081744, CVE-2015-4868: Clear out list corner case
- S8081760: Better group dynamics
- S8086092. CVE-2015-4840: More palette improvements
- S8086733, CVE-2015-4893: Improve namespace handling
- S8087350: Improve array conversions
- S8103671, CVE-2015-4805: More objective stream classes
- S8103675: Better Binary searches
- S8129611: Accessbridge error handling improvement
- S8130078, CVE-2015-4911: Document better processing
- S8130185: More accessible access switch
- S8130193, CVE-2015-4806: Improve HTTP connections
- S8130864: Better server identity handling
- S8130891, CVE-2015-4843: (bf) More direct buffering
- S8131291, CVE-2015-4872: Perfect parameter patterning
- S8132042, CVE-2015-4844: Preserve layout presentation
* S6966259: Make PrincipalName and Realm immutable, required for S8048030
* S8078822: 8068842 fix missed one new file
PrimeNumberSequenceGenerator.java
[ Matthias Klose ]
* Re-enable the atk bridge for releases with a fixed atk bridge.
Again closes: #797595.
-- Tiago Stürmer Daitx <email address hidden> Tue, 17 Nov 2015 21:24:08 +0000
-
openjdk-7 (7u85-2.6.1-5ubuntu0.15.10.1) wily-security; urgency=medium
* SECURITY UPDATE:
- S8048030, CVE-2015-4734: Expectations should be consistent
- S8068842, CVE-2015-4803: Better JAXP data handling
- S8076339, CVE-2015-4903: Better handling of remote object invocation
- S8076383, CVE-2015-4835: Better CORBA exception handling
- S8076387, CVE-2015-4882: Better CORBA value handling
- S8076392, CVE-2015-4881: Improve IIOPInputStream consistency
- S8076413, CVE-2015-4883: Better JRMP message handling
- S8078427, CVE-2015-4842: More supportive home environment
- S8078440: Safer managed types
- S8080541: More direct property handling
- S8080688, CVE-2015-4860: Service for DGC services
- S8081744, CVE-2015-4868: Clear out list corner case
- S8081760: Better group dynamics
- S8086092. CVE-2015-4840: More palette improvements
- S8086733, CVE-2015-4893: Improve namespace handling
- S8087350: Improve array conversions
- S8103671, CVE-2015-4805: More objective stream classes
- S8103675: Better Binary searches
- S8129611: Accessbridge error handling improvement
- S8130078, CVE-2015-4911: Document better processing
- S8130185: More accessible access switch
- S8130193, CVE-2015-4806: Improve HTTP connections
- S8130864: Better server identity handling
- S8130891, CVE-2015-4843: (bf) More direct buffering
- S8131291, CVE-2015-4872: Perfect parameter patterning
- S8132042, CVE-2015-4844: Preserve layout presentation
* S6966259: Make PrincipalName and Realm immutable, required for S8048030
* S8078822: 8068842 fix missed one new file
PrimeNumberSequenceGenerator.java
-- Tiago Stürmer Daitx <email address hidden> Tue, 20 Oct 2015 03:24:22 +0000
-
openjdk-7 (7u85-2.6.1-5) unstable; urgency=medium
* Fix passing --disable-system-sctp for non-linux targets.
-- Matthias Klose <email address hidden> Thu, 08 Oct 2015 07:01:54 +0200
-
openjdk-7 (7u85-2.6.1-4) unstable; urgency=medium
* Build again with pulseaudio on alpha.
* Update the kfreebsd support patches (Steven Chamberlain). Closes: #798123.
* Fix parallel build. Closes: #798124.
* Disable again the atk bridge, too many regressions. Reopens: #797595.
-- Matthias Klose <email address hidden> Wed, 07 Oct 2015 16:24:40 +0200
-
openjdk-7 (7u85-2.6.1-2) unstable; urgency=medium
* Stop building zero on AArch64, broken on the merged IcedTea Hotspot.
* Only build-depend on libsctp-dev on linux architectures.
* Configure for zero on sparc64, Hotspot build fails too.
-- Matthias Klose <email address hidden> Fri, 04 Sep 2015 17:47:56 +0200
-
openjdk-7 (7u85-2.6.1-1ubuntu1) wily; urgency=medium
* Stop building zero on AArch64, broken on the merged IcedTea Hotspot.
-- Matthias Klose <email address hidden> Thu, 03 Sep 2015 20:31:02 +0200
-
openjdk-7 (7u85-2.6.1-1) unstable; urgency=medium
* IcedTea7 2.6.1 release (based on OpenJDK 7u85).
* Configure for Hotspot on sparc64.
* Add mips to the openjdk stage1 architectures.
* Sort the enums and the annotations in the package-tree.html files (Emmanuel
Bourg). Closes: #787159.
* Re-enable the atk bridge for releases with a fixed atk bridge.
Closes: #797595.
* Make derivatives builds the same as the parent distro. Closes: #797662.
-- Matthias Klose <email address hidden> Thu, 03 Sep 2015 12:47:16 +0200
-
openjdk-7 (7u79-2.5.6-1) unstable; urgency=medium
* IcedTea7 2.5.6 release (based on OpenJDK 7u79).
* Security fixes
- S8043202, CVE-2015-2808: Prohibit RC4 cipher suites.
- S8067694, CVE-2015-2625: Improved certification checking.
- S8071715, CVE-2015-4760: Tune font layout engine.
- S8071731: Better scaling for C1.
- S8072490: Better font morphing redux.
- S8072887: Better font handling improvements.
- S8073334: Improved font substitutions.
- S8073773: Presume path preparedness.
- S8073894: Getting to the root of certificate chains.
- S8074330: Set font anchors more solidly.
- S8074335: Substitute for substitution formats.
- S8074865, CVE-2015-2601: General crypto resilience changes.
- S8074871: Adjust device table handling.
- S8075374, CVE-2015-4748: Responding to OCSP responses.
- S8075378, CVE-2015-4749: JNDI DnsClient Exception Handling.
- S8075738: Better multi-JVM sharing.
- S8075833, CVE-2015-2613: Straighter Elliptic Curves.
- S8075838: Method for typing MethodTypes.
- S8075853, CVE-2015-2621: Proxy for MBean proxies.
- S8076328, CVE-2015-4000: Enforce key exchange constraints.
- S8076376, CVE-2015-2628: Enhance IIOP operations.
- S8076397, CVE-2015-4731: Better MBean connections.
- S8076401, CVE-2015-2590: Serialize OIS data.
- S8076405, CVE-2015-4732: Improve serial serialization.
- S8076409, CVE-2015-4733: Reinforce RMI framework.
- S8077520, CVE-2015-2632: Morph tables into improved form.
- PR2487, CVE-2015-4000: Make jdk8 mode the default for
jdk.tls.ephemeralDHKeySize.
* Update the kfreebsd hotspot support patch (Steven Chamberlain).
Closes: #788982.
* openjdk-7-jre: Recommend the real libgconf2-4 and libgnome2-0 packages.
Closes: #786594.
-- Matthias Klose <email address hidden> Thu, 23 Jul 2015 17:19:35 +0200
-
openjdk-7 (7u79-2.5.5-0ubuntu1) vivid; urgency=high
* IcedTea7 2.5.5 release (based on OpenJDK 7u79).
* Security fixes
- S8059064: Better G1 log caching.
- S8060461: Fix for JDK-8042609 uncovers additional issue.
- S8064601, CVE-2015-0480: Improve jar file handling.
- S8065286: Fewer subtable substitutions.
- S8065291: Improved font lookups.
- S8066479: Better certificate chain validation.
- S8067050: Better font consistency checking.
- S8067684: Better font substitutions.
- S8067699, CVE-2015-0469: Better glyph storage.
- S8068320, CVE-2015-0477: Limit applet requests.
- S8068720, CVE-2015-0488: Better certificate options checking.
- S8069198: Upgrade image library.
- S8071726, CVE-2015-0478: Better RSA optimizations.
- S8071818: Better vectorization on SPARC.
- S8071931, CVE-2015-0460: Return of the phantom menace.
* Build the documentation when building with a Hotspot VM. Closes: #781577.
* openjdk-7-jre.preinst: Fix version for alternatives cleanup.
Closes: #775072.
* Re-enable HotSpot on SPARC; zero doesn't workm and there seems to be
some work ongoing upstream.
* Refresh patches.
* Only install the openjdk-java.desktop file when using cautious-launcher.
-- Matthias Klose <email address hidden> Wed, 15 Apr 2015 22:16:17 +0200