Changelog for java-1_6_0-openjdk-1.6.2_b24.1.11.3-1.1.x86_64.rpm :
Thu Jun 14 14:00:00 2012 mvyskocilAATTsuse.cz
- update to 1.11.3 (bnc#766802)

* Security fixes
- S7079902, CVE-2012-1711: Refine CORBA data models
- S7110720: Issue with vm config file loading
- S7143606, CVE-2012-1717: File.createTempFile should be improved for temporary files created by the platform.
- S7143614, CVE-2012-1716: SynthLookAndFeel stability improvement
- S7143617, CVE-2012-1713: Improve fontmanager layout lookup operations
- S7143851, CVE-2012-1719: Improve IIOP stub and tie generation in RMIC
- S7143872, CVE-2012-1718: Improve certificate extension processing
- S7145239: Finetune package definition restriction
- S7152811, CVE-2012-1723: Issues in client compiler
- S7157609, CVE-2012-1724: Issues with loop
- S7160677: missing else in fix for 7152811
- S7160757, CVE-2012-1725: Problem with hotspot/runtime_classfile

* Bug fixes
- PR1018: JVM fails due to SEGV during rendering some Unicode characters (part of 6886358)
- RH789154: javac error messages no longer contain the full path to the offending file:
- PR797: Compiler error message does not display entire file name and path
- PR881: Sign tests (wsse.policy.basic) failures with OpenJDK6
- PR886: 6-1.11.1 fails to build CACAO on ppc
- Specify both source and target in IT_GET_DTDTYPE_CHECK.
- Install nss.cfg into j2re-image too.
- PR584: Don't use shared Eden in incremental mode.

* Backports
- S6792400: Avoid loading of Normalizer resources for simple uses
- use versioned desktop files to avoid fileconflict with openjdk7
- add openjdk-6-src-b24-zero-increase-stack-size.patch by Dinar Valeev
- add xorg-x11 BuildRequires to have xprop (by reddwarf an opensuse)
- license update: GPL-2.0-with-classpath-exception (by cfarrell)

Mon Feb 20 13:00:00 2012 mvyskocilAATTsuse.cz
- update to 1.11.1 (bnc#747208)

* Security fixes
- S7082299, CVE-2011-3571: Fix in AtomicReferenceArray
- S7088367, CVE-2011-3563: Fix issues in java sound
- S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method
- S7110687, CVE-2012-0503: Issues with TimeZone class
- S7110700, CVE-2012-0505: Enhance exception throwing mechanism in ObjectStreamClass
- S7110704, CVE-2012-0506: Issues with some method in corba
- S7112642, CVE-2012-0497: Incorrect checking for graphics rendering object
- S7118283, CVE-2012-0501: Better input parameter checking in zip file processing
- S7126960, CVE-2011-5035: (httpserver) Add property to limit number of request headers to the HTTP Server

* Bug fixes
- PR865: Patching fails with patches/ecj/jaxws-getdtdtype.patch

* openSUSE fixes
- apply ppc patch also on s390/s390x (thanks rudi)
- add a 3 more void-return fixes to ppc patch (thanks rudi)
- adjusted patch110 to fix ppc build. (thanks marcus)
- there is no architecture called arm, so use macro instead
- fix a stuff needed for gcj-based build

* change compiler flags in configure to gcj compatible

* added no-werror patch for openjdk-ecj

* avoid all additional checking packages in this mode

* temporary remove memory size increase

* exclude patch110 in this case - TBD later
- definitely drop noarch feature as it never worked well
- add arm to 32bit architectures
- remove rhino as a runtime dependency, as it's repackaged and
installed in the jvm's tree
- enable build --with-parallel-jobs
- add automake as buildrequire to avoid implicit dependency (thanks coolo)

Mon Oct 24 14:00:00 2011 mvyskocilAATTsuse.cz
- update to 1.10.4 (bnc#725167)
- Security fixes

* S7000600, CVE-2011-3547: InputStream skip() information leak

* S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor

* S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow

* S7032417, CVE-2011-3552: excessive default UDP socket limit under SecurityManager

* S7046794, CVE-2011-3553: JAX-WS stack-traces information leak

* S7046823, CVE-2011-3544: missing SecurityManager checks in scripting engine

* S7055902, CVE-2011-3521: IIOP deserialization code execution

* S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress error checks

* S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)

* S7070134, CVE-2011-3558: HotSpot crashes with sigsegv from PorterStemmer

* S7077466, CVE-2011-3556: RMI DGC server remote code execution

* S7083012, CVE-2011-3557: RMI registry privileged code execution

* S7096936, CVE-2011-3560: missing checkSetFactory calls in HttpsURLConnection
- Bug fixes
- RH727195: Japanese font mappings are broken
- Backports
- S6826104, RH730015: Getting a NullPointer exception when clicked on Application & Toolkit Modal dialog

Thu Aug 4 14:00:00 2011 mvyskocilAATTsuse.cz
- update to 1.10.3
- Bug fixes

* PR748: Icedtea6 fails to build with Linux 3.0.

* PR744: icedtea6-1.10.2 : patching error
- Backports:

* S7037283, RH712211: Null Pointer Exception in SwingUtilities2.

* S6769607, PR677: Modal frame hangs for a while.

* S6578583: Modality is broken in windows vista home premium from jdk1.7 b02 onwards.

* S6610244: modal dialog closes with fatal error if -Xcheck:jni is set
- don't touch java and javac alternatives anymore

Tue Jun 14 14:00:00 2011 mvyskocilAATTsuse.cz
- fix build on 11.1/i586 distros

* add icedtea6-replace-gcc-stack-marking.patch

Thu Jun 9 14:00:00 2011 mvyskocilAATTsuse.cz
- fix bnc#698739: icedtea6-1.10.2 released
- update to openjdk b22, hotspot 20b11
see following links for more details
http://blog.fuseyism.com/index.php/2011/04/04/icedtea6-1101-released/
http://blog.fuseyism.com/index.php/2011/03/02/icedtea6-110-released/
- Security fixes

* S6213702, CVE-2011-0872: (so) non-blocking sockets with TCP urgent disabled get still selected for read ops (win)

* S6618658, CVE-2011-0865: Vulnerability in deserialization

* S7012520, CVE-2011-0815: Heap overflow vulnerability in FileDialog.show()

* S7013519, CVE-2011-0822, CVE-2011-0862: Integer overflows in 2D code

* S7013969, CVE-2011-0867: NetworkInterface.toString can reveal bindings

* S7013971, CVE-2011-0869: Vulnerability in SAAJ

* S7016340, CVE-2011-0870: Vulnerability in SAAJ

* S7016495, CVE-2011-0868: Crash in Java 2D transforming an image with scale close to zero

* S7020198, CVE-2011-0871: ImageIcon creates Component with null acc

* S7020373, CVE-2011-0864: JSR rewriting can overflow memory address size variables
- Backports

* S7023591, S7027667: Clipped antialiased rectangles are filled, not drawn.
Add missing privileged block around access to the sun.awt.nativedebug
property.

* S7032388, PR682: Make HotSpot work on machines without cmov instruction again

* S7031385, PR680: Incorrect register allocation in orderAccess_linux_x86.inline.hpp

* S7043054: REGRESSION - wrong userBounds in Paint.createContext()

* S7043963, RH698295: Window manager workaround in AWT was not applied to mutter. Now it is.
- Bug fixes:

* G356743: Support libpng 1.5.

* RH661505: JPEGs with sRGB IEC61966-2.1 color profiles have wrong colors

* PR600: HS19 upgrade broke CACAO build on ARM

* PR616, PR99: Don’t statically link libstdc++ or libgcc

* PR632: patches/security/20110215/6878713.patch breaks shark zero build

* PR103: Usage of native2ascii during bootstrap

* PR633: IcedTea installs javaws manpages on x86 even with --disable-webstart

* PR635: zero fails to build on icedtea6 trunk 20110217 with hs20

* PR586: Sources missing from src.zip

* PR639: Add missing include line, paths and LLVM flags for Shark.

* PR640: JamVM fails to build - Unrecognised option: -XX:ThreadStackSize.

* PR641: Increase stack size for PPC

* PR497: Mercurial revision detection not very reliable

* PR585: Freenet throws java.lang.UnsatisfiedLinkError with OpenJDK/CACAO
- remove webstart and plugin, as they are now in separate icedtea-web project
- fix bnc#596177 - generate java cacerts at runtime (enabled for openSUSE 11.3+)
- add commented bouncycastle provider into java.security allowing easy enable it from rpm
requested by rgarrigue

Thu Feb 24 13:00:00 2011 mvyskocilAATTsuse.cz
- fix bnc#671714 - VUL-0: java-1_6_0-openjdk: permissions assigned to applets
with multiple JARs (icedtea6-1.9.7)
- Security updates

* S6878713, CVE-2010-4469: Hotspot backward jsr heap corruption

* S6907662, CVE-2010-4465: Swing timer-based security manager bypass

* S6994263, CVE-2010-4472: Untrusted code allowed to replace DSIG/C14N implementation

* S6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets

* S6983554, CVE-2010-4450: Launcher incorrect processing of empty library path entries

* S6985453, CVE-2010-4471: Java2D font-related system property leak

* S6927050, CVE-2010-4470: JAXP untrusted component state manipulation

* RH677332, CVE-2011-0706: Multiple signers privilege escalation
- Bug fixes

* RH676659: Pass -export-dynamic flag to linker using -Wl, as option in gcc 4.6+ is broken

* G344659: Fix issue when building on SPARC

* Fix latent JAXP bug caused by missing import
- patches changes:

* obsoletes stack-protector patches (already upstreamed)

* modified openjdk-6-src-b20-initialized-after.patch

* modified openjdk-6-src-b20-no-werror.patch

* openjdk-ecj-6-src-b20-no-return-in-nonvoid-function.patch

* add openjdk-6-src-b20-stringcompare.patch

* add openjdk-ecj-6-src-b20-no-return-in-nonvoid-function.patch

* add openjdk-6-src-b20-gcj-workaround.patch (11.2/x86_64 workaround)

Tue Feb 15 13:00:00 2011 mvyskocilAATTsuse.cz
- fix bnc#670304 - VUL-1: java-1_6_0-openjdk: denial of service using floats
icedtea6-1.9.6
- Security updates

* S4421494, CVE-2010-4476: infinite loop while parsing double literal.

Tue Feb 1 13:00:00 2011 mvyskocilAATTsuse.cz
- fix bnc#667313 - VUL-0: embargoed java icedtea issues
- Security updates

* RH672262, CVE-2011-0025: IcedTea jarfile signature verification bypass
- Backports

* S6687968: PNGImageReader leaks native memory through an Inflater

* S6541476, RH665355: PNG imageio plugin incorrectly handles iTXt chunk

* S6782079: PNG: reading metadata may cause OOM on truncated images
- Fixes

* PR619: Improper finalization by the plugin can crash the browser
- fix bmo#582130 - symbol clash between moonlight and icedtea plugin

* icedtea6-1.9.4-moonlight-symbol-clash.patch
- mark cursor.properties a config

Mon Jan 17 13:00:00 2011 mvyskocilAATTsuse.cz
- fix bnc#664298 - VUL-0: java-1_6_0-openjdk: JNLPSecurityManager in some cases silently returns when a permission is denied
- Security updates:

* RH663680, CVE-2010-4351: IcedTea JNLP SecurityManager bypass
- Backports

* S4356282: RFE: JDK should support OpenType/CFF fonts

* S6954424, RH525870: Support OpenType/CFF fonts in JDK 7

* S6795356, PR590: Leak caused by javax.swing.UIDefaults.ProxyLazyValue.acc

* S6967436, RH597227: lines longer than 2^15 can fill window.

* S6967433: dashed lines broken when using scaling transforms.

* S6976265: No STROKE_CONTROL

* S6967434, PR450, RH530642: Round joins/caps of scaled up lines have poor quality.

* S6438179, RH569121: XToolkit.isTraySupported() result has nothing to do with the system tray
- Fixes
- S7003777, RH647674: JTextPane produces incorrect content after parsing the html text
- fix bnc#635365 - icedtea update broke java from firefox - bogus java path

* icedtea6-1.9.4-realpath.patch use realpath to resolve the double symlinks

Tue Jan 11 13:00:00 2011 mvyskocilAATTsuse.cz
- Update to icedtea6-1.9.3

* Re-enable compressed oops by default now 7002666 is fixed.

* backport S7002666: Eclipse CDT projects crash with compressed oops

* fix reapply ia64 fix from S6896043 which was reverted by S6953477
- fix bnc#635365 - icedtea update broke java from firefox - bogus java path

* wrote a proposal readlink-recursive.patch

* sent upstream - http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=613

Wed Dec 1 13:00:00 2010 mvyskocilAATTsuse.cz
- update to icedtea6-1.9.2 (bnc#656742)
- Latest security updates and hardening patches:

* RH645843, CVE-2010-3860: IcedTea System property information leak via public static
- Upgrade to latest revision of hs19 (b09).
- Allow the building of NetX to be disabled.
- Backports

* S6622432: RFE: Performance improvements to java.math.BigDecimal

* S6850606: Regression from JDK 1.6.0_12

* S6876282: BigDecimal’s divide(BigDecimal bd, RoundingFormat r) produces incorrect result

* S6991430, PR579: Zero PowerPC fix.

* S6703377: freetype: glyph vector outline is not translated correctly

* S6853592: VM test nsk.regression.b4261880 fails with “X Error of failed request: BadWindow” inconsistently.
- Bug fixes

* RH647737: Disable compressed oops in hs19 to avoid Eclipse failures.

* RH643674: Update fontconfig files for Fedora 11, 12, 13 and 14.
- NetX

* Do not prompt user multiple times for the same certificate.

* PR592: NetX can create invalid desktop entry files

Fri Oct 22 14:00:00 2010 mvyskocilAATTsuse.cz
- update to icedtea6-1.9.1 (bnc#642531)
- update to openjdk-6-b20

* fixes listed on http://blog.fuseyism.com/index.php/2010/09/10/icedtea6-19-released/
- Latest security updates and hardening patches:

* S6914943, CVE-2009-3555: TLS: MITM attacks via session renegotiation

* S6559775, CVE-2010-3568: OpenJDK Deserialization Race condition

* S6891766, CVE-2010-3554: OpenJDK corba reflection vulnerabilities

* S6925710, CVE-2010-3562: OpenJDK IndexColorModel double-free

* S6938813, CVE-2010-3557: OpenJDK Swing mutable static

* S6957564, CVE-2010-3548: OpenJDK DNS server IP address information leak

* S6958060, CVE-2010-3564: OpenJDK kerberos vulnerability

* S6963023, CVE-2010-3565: OpenJDK JPEG writeImage remote code execution

* S6963489, CVE-2010-3566: OpenJDK ICC Profile remote code execution

* S6966692, CVE-2010-3569: OpenJDK Serialization inconsistencies

* S6622002, CVE-2010-3553: UIDefault.ProxyLazyValue has unsafe reflection usage

* S6925672, CVE-2010-3561: Privileged ServerSocket.accept allows receiving connections from any host

* S6952017, CVE-2010-3549: HttpURLConnection chunked encoding issue (Http request splitting)

* S6952603, CVE-2010-3551: NetworkInterface reveals local network address to untrusted code

* S6961084, CVE-2010-3541: limit setting of some request headers in HttpURLConnection

* S6963285, CVE-2010-3567: Crash in ICU Opentype layout engine due to mismatch in character counts

* S6980004, CVE-2010-3573: limit HTTP request cookie headers in HttpURLConnection

* S6981426, CVE-2010-3574: limit use of TRACE method in HttpURLConnection

* (See: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html)
- IcedTeaPlugin:

* PR519: 100% CPU usage when displaying applets in Webkit based browsers

* Classes are no longer added to rt.jar, but to plugin.jar
- NetX:

* New man page for javaws

* Classes are no longer added to rt.jar, but to netx.jar
- bug fixes and backports

* S6990437: Update with correct copyright info for source and test files from SSR10_02 fixes

* S6638712: Inference with wildcard types causes selection of inapplicable method

* S6650759: Inference of formal type parameter (unused in formal parameters) is not performed

* S6623943: javax.swing.TimerQueue’s thread occasionally fails to start

* RH633510: OpenJDK should use NUMA even if glibc doesn’t provide it
- misc:

* VisualVM support removed; now available in its own package at http://icedtea.classpath.org/hg/visualvm

* A separate build directory is now used for the OpenJDK build: openjdk.build-ecj (stage 1) and openjdk.build (stage 2)
- fix bnc#637224 - delta RPM for java-1_6_0-openjdk patch does not match installed data

* mark fontconfig and much more files as config noreplace
- fix bnc#648260 - update-alternatives: error: alternative pack200 can't be slave of java: it is a slave of javac

* move *pack200* from JRE to SDK

* add workaround into post removing the *pack* slaves from java alternative
- few more filters of rpmlint warnings
- Patches changes:

* openjdk-6-src-b16-lcms.patch - already included in b20

* openjdk-6-src-b17-enumeration-value.patch - already included in b20

* openjdk-6-src-b17-no-multiline-comments.patch - refresh for b20

* openjdk-6-src-b17-suggest-parentheses.patch - refresh for b20

* openjdk-6-src-b17-initialized-after.patch - refresh for b20

* openjdk-6-src-b20-defined-but-not-used.patch - new warn fix

* openjdk-6-src-b20-may-be-used-uninitialized.patch - new fix 2

* openjdk-6-src-b20-array-subscript-has-type-char.patch - new fix 3

* openjdk-6-src-b20-no-werror.patch - remove -Werror from more locations than before

* use quilt for applying of SUSE patches -> 2 new BR quilt and vim

Wed Jul 28 14:00:00 2010 mvyskocilAATTsuse.cz
- update to icedtea6-1.8.1 (bnc#623905)
- update to openjdk-6-b18
- Latest security updates and hardening patches:

* (CVE-2010-0837): JAR "unpack200" must verify input parameters (6902299)

* (CVE-2010-0845): No ClassCastException for HashAttributeSet constructors if run with -Xcomp (6894807)

* (CVE-2010-0838): CMM readMabCurveData Buffer Overflow Vulnerability (6899653)

* (CVE-2010-0082): Loader-constraint table allows arrays instead of only the base-classes (6626217)

* (CVE-2010-0095): Subclasses of InetAddress may incorrectly interpret network addresses (6893954)

* (CVE-2010-0085): File TOCTOU deserialization vulnerability (6736390)

* (CVE-2010-0091): Unsigned applet can retrieve the dragged information before drop action occurs (6887703)

* (CVE-2010-0088): Inflater/Deflater clone issues (6745393)

* (CVE-2010-0084): Policy/PolicyFile leak dynamic ProtectionDomains. (6633872)

* (CVE-2010-0092): AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (6888149)

* (CVE-2010-0094): Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947)

* (CVE-2010-0093): System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (6892265)

* (CVE-2010-0840): Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)

* (CVE-2010-0848): AWT Library Invalid Index Vulnerability (6914823)

* (CVE-2010-0847): ImagingLib arbitrary code execution vulnerability (6914866)

* (CVE-2009-3555): TLS: MITM attacks via session renegotiation
- IcedTeaNPPlugin.

* RH524387: javax.net.ssl.SSLKeyException: RSA premaster secret error

* Set context classloader for all threads in an applet's threadgroup

* PR436: Close all applet threads on exit

* PR480: NPPlugin with NoScript extension.

* PR488: Question mark changing into underscore in URL.

* RH592553: Fix bug causing 100% CPU usage.

* Don't generate a random pointer from a pthread_t in the debug output.

* Add ForbiddenTargetException for legacy support.

* Use variadic macro for plugin debug message printing.

* Don't link the plugin with libxul libraries.

* Fix race conditions in plugin initialization code that were causing hangs.

* RH506730: BankID (Norwegian common online banking authentication system) applet fails to load.

* Fix policy evaluation to match the proprietary JDK.

* PR491: pass java_{code,codebase,archive} parameters to Java.

* Adds javawebstart.version property and give user permission to read that property.

* Old plugin removed; NPPlugin is now the default and is controlled by
--enable/disable-plugin. As with the old plugin, it produces a
IcedTeaPlugin.so library rather than IcedTeaNPPlugin.so.

* Dependence on the binary plugs mechanism removed. The plugin and NetX
code is now imported into the JDK build in the same manner as langtools,
CORBA, JAXP and JAXWS.

* Fix for plugin buffer overflow: https://bugzilla.mozilla.org/show_bug.cgi?id=555342
- NetX:

* Fix security flaw in NetX that allows arbitrary unsigned apps to set
any java property.

* Fix a flaw that allows unsigned code to access any file on the
machine (accessible to the user) and write to it.

* Make path sanitization consistent; use a blacklisting approach.

* Make the SingleInstanceServer thread a daemon thread.

* Handle JNLP files which use native libraries but do not indicate it

* Allow JNLP classloaders to share native libraries

* Added encoding support
- bug fixes

* Nimbus Look 'n' Feel backported from OpenJDK7.

* JAXP and JAXWS now external dependencies rather than being in-tree.

* 6639665: ThreadGroup finalizer allows creation of false root ThreadGroups

* 6898622: ObjectIdentifer.equals is not capable of detecting incorrectly encoded CommonName OIDs

* 6910590: Application can modify command array in ProcessBuilder

* 6909597: JPEGImageReader stepX Integer Overflow Vulnerability

* 6932480: Crash in CompilerThread/Parser. Unloaded array klass?

* 6678385: Fixes jvm crashes when window is resized.

* Produces the "expected" behavior for full screen applications, when
running the Metacity window manager.

* Fix issue with ant -diagnostics on ant 1.8.0 due to changed exit code

* Zero/Shark

* Shark is now able to build itself.

* For ARM, add Thumb2 JIT.

* Fixed Shark sharkCompiler mattr memory corruption bug when using llvm 2.7.

* others
http://blogs.sun.com/darcy/resource/OpenJDK_6/openjdk6-b18-changes-summary.html

* Eliminate spurious exception throwing when using PulseAudio

* PR shark/483: Fix miscompilation of sun.misc.Unsafe::getByte.

* PR icedtea/324, icedtea/481: Fix Shark VM crash.

* Fix Zero build on Hitachi SH.

* PR476: Enable building SystemTap support on GCC 4.5.
- disabled systemtap support on openSUSE 11.2, as it requires more recent version
- require xulrunner191 on 11.1 too

Thu May 20 14:00:00 2010 mvyskocilAATTsuse.cz
- Change the policytool.desktop category to Utilities

Wed May 19 14:00:00 2010 roAATTsuse.de
- set locale to utf-8 variant to fix build
(broke when going over certificates with utf-8 filenames)

Thu May 13 14:00:00 2010 mvyskocilAATTsuse.cz
- fix bnc#603316: openjdk run out of file descriptors

* add openjdk-6-src-b17-stack-protector-fclose.patch
add the missing fclose to the stack-protector patch

Wed Apr 28 14:00:00 2010 mvyskocilAATTsuse.cz
- fixes ppc build

* enable nio2 only for ix86 and x86_64

* refresh openjdk-6-src-b17-no-return-in-nonvoid-function-ppc.patch
- ignore old libopenssl on 11.3+
- use patch -i, instead of shell redirection

Mon Apr 12 14:00:00 2010 mvyskocilAATTsuse.cz
- update to icedtea6-1.7.3 (bnc#594415)
- security and hardening

* (CVE-2010-0837): JAR "unpack200" must verify input parameters (6902299)

* (CVE-2010-0845): No ClassCastException for HashAttributeSet constructors if run with -Xcomp (6894807)

* (CVE-2010-0838): CMM readMabCurveData Buffer Overflow Vulnerability (6899653)

* (CVE-2010-0082): Loader-constraint table allows arrays instead of only the base-classes (6626217)

* (CVE-2010-0095): Subclasses of InetAddress may incorrectly interpret network addresses (6893954)

* (CVE-2010-0085): File TOCTOU deserialization vulnerability (6736390)

* (CVE-2010-0091): Unsigned applet can retrieve the dragged information before drop action occurs (6887703)

* (CVE-2010-0088): Inflater/Deflater clone issues (6745393)

* (CVE-2010-0084): Policy/PolicyFile leak dynamic ProtectionDomains. (6633872)

* (CVE-2010-0092): AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (6888149)

* (CVE-2010-0094): Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947)

* (CVE-2010-0093): System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (6892265)

* (CVE-2010-0840): Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)

* (CVE-2010-0848): AWT Library Invalid Index Vulnerability (6914823)

* (CVE-2010-0847): ImagingLib arbitrary code execution vulnerability (6914866)

* (CVE-2009-3555): TLS: MITM attacks via session renegotiation

* 6639665: ThreadGroup finalizer allows creation of false root ThreadGroups

* 6898622: ObjectIdentifer.equals is not capable of detecting incorrectly encoded CommonName OIDs

* 6910590: Application can modify command array in ProcessBuilder

* 6909597: JPEGImageReader stepX Integer Overflow Vulnerability

* 6932480: Crash in CompilerThread/Parser. Unloaded array klass?
- Bug fixes:

* Backport of 6822370: ReentrantReadWriteLock: threads hung when there are no threads holding onto the lock

* Increase ThreadStackSize by 512kb on 32-bit Zero platforms

* Check cacerts database is valid

* Fix for plugin buffer overflow: Mozilla bug 555342

* Fix issue with ant -diagnostics on ant 1.8.0 due to changed exit code

Thu Mar 18 13:00:00 2010 mvyskocilAATTsuse.cz
- fix bnc#589021 - Better protect java stack

* openjdk-6-src-b17-stack-protector.patch

Thu Mar 4 13:00:00 2010 mvyskocilAATTsuse.cz
- Updates:

* icedtea6-1.7

* openjdk6 b17 14_oct_2009
- Enabled NPPlugin - fix [bnc#582206]
- patches changes:

* obsolete java-1.6.0-openjdk-sparc-fixes.patch

* obsolete java-1.6.0-openjdk-sparc-hotspot.patch

* obsolete icedtea6-1.6-npplugin-xulrunner191.patch

* obsolete icedtea6-1.6-no-return-in-nonvoid-function.patch

* obsolete icedtea6-ecc-support-b387a64caa08.patch

* add a lot of patches fixes a build of openjdk6 with gcc4.5 using
-Werror -Wall
openjdk-6-src-b17-no-multiline-comments.patch
openjdk-6-src-b17-enumeration-value.patch
openjdk-6-src-b17-suggest-parentheses.patch
openjdk-6-src-b17-no-efect.patch
openjdk-6-src-b17-initialized-after.patch
openjdk-6-src-b17-unused-variable.patch

* openjdk-6-src-b17-no-werror.patch (suppress the errors in autogenerated
code)

* icedtea6-1.7-no-return-in-non-void.patch
- move the noarch content to %%{_datadir}/ and create symlinks in usual
locations
- move demo/jvmti to the -devel package as it contains so files
- enable the --short-circuit in %%install section
- new alternatives - policytool and policytool.1.gz

Tue Feb 9 13:00:00 2010 prusnakAATTsuse.cz
- enable noarch subpackages

Mon Nov 23 13:00:00 2009 mvyskocilAATTsuse.cz
- Removed openjdk-6-src-b14-confluence-crash.patch from source dir

Tue Nov 10 13:00:00 2009 mvyskocilAATTsuse.cz
- Fixed bnc#554069 - VUL-0: Icedtea6 1.6.2 released

* a lot of security patches in icedtea6-1.6.2

* Improved jar performance,
http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/b35f1e5075a4
- Obsoleted java-1.6.0-openjdk-makefile.patch

Wed Oct 14 14:00:00 2009 mvyskocilAATTsuse.cz
- Fixed bnc#546468: openjdk fails on certificate creation
applied upstream patch icedtea6-ecc-support-b387a64caa08.patch
http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=356
- Moved back from npplugin, as its not mature
http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=385#c5

Thu Oct 8 14:00:00 2009 mvyskocilAATTsuse.cz
- Use 1.6.0 instead of javamajver macro to suppress percent in provides error.

Tue Sep 29 14:00:00 2009 mvyskocilAATTsuse.cz
- fixed bnc#542545: added 32/64bit specific provides to be compatible with
other JVM and OpenOffice.org

Thu Sep 10 14:00:00 2009 mvyskocilAATTsuse.cz
- Updates:

* icedtea6-1.6 - fixes bnc#537969

* hotspot 09f7962b8b44
- patches changes:

* added icedtea6-1.6-npplugin-xulrunner191.patch

* added java-1.6.0-openjdk-sparc-fixes.patch (from Fedora)

* added java-1.6.0-openjdk-sparc-hotspot.patch (from Fedora)

* added icedtea6-1.6-no-return-in-nonvoid-function.patch
(allows build on 11.1)

* regenerated java-1.6.0-openjdk-java-access-bridge-security.patch

* regenerated java-1.6.0-openjdk-makefile.patch

* removed icedtead6-1.5-npplugin-xulrunner191.patch

* removed java-1.6.0-openjdk-execvpe.patch

* removed java-1.6.0-openjdk-netx.patch

Wed Aug 19 14:00:00 2009 mvyskocilAATTsuse.cz
- Fixed bnc#530046 - jmap fails: NoSuchSymbolException: Could not find symbol
"gHotSpotVMTypeEntryTypeNameOffset"
keep non debug symbols in libjvm.so

Tue Aug 11 14:00:00 2009 mvyskocilAATTsuse.cz
- Updates:

* icedtea6-1.5.1 contains a lot of security fixes from Sun JDK6u15
This includes fixes for:

* bnc#524505: Vulnerability in OpenJDK/NetX

* bnc#514421: XML Signature weakness (HMAC truncation)
- Fixed bnc#521512: lcms pointer dereference
- Dropped some s390 patches, because they were obsoleted and not used
- Fixed bnc#525097 - openjdk installs dead .desktop files

* now removed *.desktop from %%files of openjdk

Wed Jul 29 14:00:00 2009 mvyskocilAATTsuse.cz
- Updates:

* icedtea-1.5

* visualvm-111

* hotspot 25a020f13592
- Fixed bnc#525097 - openjdk installs dead .desktop files
- Remove archsuffix usage
- patches changes:

* added java-1.6.0-openjdk-accessible-toolkit.patch

* added java-1.6.0-openjdk-netx.patch

* added java-1.6.0-openjdk-execvpe.patch

* added icedtead6-1.5-nppplugin-xulrunner191.patch

* removed openjdk-6-src-b14-confluence-crash.patch

* refreshed java-1.6.0-openjdk-makefile.patch
- new features and fixes:

* Fixed security handling to prevent access denials when there is a site
specific exception in the policy file

* Allow extensions (chrome) to run Java code with full permissions

* Added non-trusted SSL support to WebStart (javaws)

* Added proxy support

* Other improvements that were breaking specific sites (tag parser fix,
nested jar support, etc.)

* Added JVM Console (used by http://chrispederick.com/work/web-developer/)

* Many gervill, java2d, nio2, pulse java, zero/shark, jtreg fixes.

* New IcedTeaNPPlugin

Thu Jun 11 14:00:00 2009 mvyskocilAATTsuse.cz
- Merged fontconfig for openjdk and Sun:

* Use Sazanami Mincho for monospaced fonts

* Added AWT X11 font paths

Mon May 25 14:00:00 2009 mvyskocilAATTsuse.cz
- Enabled systemtap for jit architectures only
- Refreshed non-return-in-non-void ppc patch

Fri May 15 14:00:00 2009 mvyskocilAATTsuse.cz
- 'used systemtap-sdt-devel (see bnc#503088)'

Thu May 14 14:00:00 2009 mvyskocilAATTsuse.cz
- Change version system for openjdk, now it uses a
%%{javaver}.%%{buildver}_%{{openjdkver}
- Enabled systemtap support
- Moved jpackage macro definitions upper in spec

Wed May 13 14:00:00 2009 mvyskocilAATTsuse.cz
- updates:

* openjdk b16

* icedtea snapshot cc658d9f4a64

* hotspot snapshot fc6a5ae3fef5
- new features:

* systemtap support (not yet enabled in SUSE)

* removed gcjwebplugin

* fixed lcms breakage
https://bugs.openjdk.java.net/show_bug.cgi?id=100050

* fixes in JNLP runtime

* various improvements in support of third party VMs (shark, cacao, zero)
- patches changes:

* removed obsoleted pulseaudio patch

* added openjdk-6-src-b16-no-return-in-nonvoid-function.patch
- enabled tests
- build using xulrunner 1.9.1 on 11.2

Tue Apr 21 14:00:00 2009 mvyskocilAATTsuse.cz
- fixed bnc#496378: openjdk has an empty keystore

Tue Apr 14 14:00:00 2009 mvyskocilAATTsuse.cz
- fixed bnc#493146: pulse-java integer overflow

Tue Apr 7 14:00:00 2009 mvyskocilAATTsuse.cz
- fixed bnc#492555: tomcat6 and confluence causes a JVM crash
http://hg.openjdk.java.net/jdk7/hotspot-comp/hotspot/rev/039a914095f4

Fri Apr 3 14:00:00 2009 mvyskocilAATTsuse.cz
- icedtea 1.4.1:
- Fixed version string: Set PRODUCT_NAME to OpenJDK, unless doing a CACAO
build (set to IcedTea).
- Plugin fixes: icedtead bug#264.
- Re-implemented visualvm.

Mon Mar 2 13:00:00 2009 mvyskocilAATTsuse.cz
- fixed ppc/ppc64 build bnc#471829 comment#28
- added openjdk-6-src-b14-no-return-in-nonvoid-function-ppc.patch

Mon Feb 9 13:00:00 2009 mvyskocilAATTsuse.cz
- updates:

* openjdk b14 (25_nov_2008)

* icedtea 1.4 (-e34ba0ba2281)
- new features:

* IcedTeaPlugin is now default

* PulseAudio integration

* hotspot from jdk7
- new files included:

* visualvm

* jdk7 hotspot (-f9d938ede196)

* mauve tests (but not used it)
- patches changes:

* added two new java access bridge patches (Fedora)

* fix a no-return-in-nonvoid-function.patch (sent to icedtea)

* obsoleted icedtea-jhat patch

* obsoleted openjdk execstack
- moved back to bz2 archives
- removed a policy archives
- used a %%{javaver} in top level dir (bnc#465624)
- moved to the plugin alternative naming as a sun JVM has
(libjavaplugin.so.z86_64 --> javaplugin)
- added a documentation howto get a current source
- moved the cacert generation to %%build section
- clean up a %%prep (thanks to bz2 and cacerts move)
- clean up the build process
- add a blank line to %%install for better readability
- install icons
- careful usage of fdupes
- Added a fontconfig.SuSE.properties which uses a Dejavu (bnc#438674)
- Fixed a desktop files installation
- Fixed build on %%ix86:
- added a undefined-operation patch
- added a no-return-in-nonvoid-function-ix86 patch
- Suppress some rpmlint warnings
- Fixed a duplicates in javadocs

Fri Nov 21 13:00:00 2008 roAATTsuse.de
- update check-build.sh

Mon Nov 3 13:00:00 2008 mvyskocilAATTsuse.cz
- Removed the explicit ulimit setup

Thu Oct 23 14:00:00 2008 mvyskocilAATTsuse.cz
- Fix of some signed applets related bugs:
bnc#430401, bnc#436915, bnc#396451
convert the certificates from openssl-certs package to standard
Java Key store jre/lib/cacerts
- Added a missing rhino requires (provides a Java/Javascript support)
- Added a missing alternative symlink to javaws (Java Webstart)

Fri Sep 5 14:00:00 2008 mvyskocilAATTsuse.cz
- merged spec file upstream one (from icedtea.classpath.org) for simpler
maintenance in future
- movement of some macro definitions on the beginning of the spec file
- added some missing macros (eg. icedteasnapshot and openjdkdate)
- the sources are defined by these macros
- changed the Group to Development/Languages/Java (from Libraries)
- changed the URL to icedtea.classpath.org
- removal of icedtea7 bootstrapping and leave the gcj and openjdk6 options
- improved BuildRequires and Requires - one value per line (better diff
output)
- a new --with-openjdk-src-zip option to configure
- updates
- openjdk - version from 10_jul_2008
- icedtea - from b09 to b11
- java access bridge - from 1.22 to 1.23
- a new BuildRequire - rhino
- changes in patches
- the java-1.6.0-openjdk-optflags.patch was improved (thanks to Mandriva)
- regenerated java-1.6.0-openjdk-makefile.patch and
java-1.6.0-openjdk-jhat.patch with movement into %prep
- new java-1.6.0-openjdk-java-access-bridge-tck.patch (from upstream)
- increase a numbers of SUSE specific patches
- removed java-enum_cell.patch, because it was obsoleted by new version of
source codes

Wed Jul 30 14:00:00 2008 roAATTsuse.de
- extend provides list jre1.4.x jre1.5.x jre1.6.x

Mon Jul 28 14:00:00 2008 roAATTsuse.de
- fix build on i386 again (from gcc bug#36917)

Tue Jul 22 14:00:00 2008 cooloAATTsuse.de
- build with xml-commons-api-bootstrap (ant complains, still works)

Tue Jul 22 14:00:00 2008 cooloAATTsuse.de
- build with xerces-j2-bootstrap (misses jaxp_parser_impl, but
ant still works)

Mon Jul 21 14:00:00 2008 cooloAATTsuse.de
- avoid buildcycle between xulrunner and openjdk

Thu Jul 17 14:00:00 2008 roAATTsuse.de
- use openjdk for bootstrap on ppc64 just as on ppc
- added provides for jre1.3.x needed by fop

Tue May 20 14:00:00 2008 bkAATTsuse.de
- Complete migration of %{_jvmjardir}/%{sdklnk} to symlink (#bnc 392494)
- un-lzma tarballs using lzma directly to support older rpmbuild's
- add checks for the amount of virtual memory available for build

Sat May 17 14:00:00 2008 ajAATTsuse.de
- Do not package %{_jvmjardir}/%{sdklnk}.

Wed May 14 14:00:00 2008 mvyskocilAATTsuse.cz
- fix of [bnc#388578] - tomcat6 cannot get installed
changed the definition of a %jvmjardir macro to %{_jvmjardir}/%{sdkdir}
- increased an update-alternatives priority
- added a new Requires to jpackage-utils

Fri May 9 14:00:00 2008 ajAATTsuse.de
- Silence gcc warning about missing return value.

Fri May 9 14:00:00 2008 adrianAATTsuse.de
- remove not needed mercurial from BuildRequires to reduce
bootstrap loop

Wed Apr 30 14:00:00 2008 adrianAATTsuse.de
- switch to openjdk-bootstrap for all %ix86

Mon Apr 28 14:00:00 2008 roAATTsuse.de
- switch to openjdk-bootstrap for i386,ppc,x86_64

Fri Apr 25 14:00:00 2008 bkAATTsuse.de
- Fix build and add macros to make it easier to build on SUSE 10.3

Tue Apr 22 14:00:00 2008 bkAATTsuse.de
- Initial version based on java-1_7_0-icedtea, but it's a lot smaller


 