SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for java-1_6_0-openjdk-1.6.0.0_b27.1.12.4-33.1.x86_64.rpm :
Tue Mar 5 13:00:00 2013 mvyskocilAATTsuse.com
- update to 1.12.4 (bnc#807487)
- S8007014, CVE-2013-0809: Improve image handling
- S8007675, CVE-2013-1493: Improve color conversion

Wed Feb 20 13:00:00 2013 mvyskocilAATTsuse.com
- update to 1.12.3 (bnc#804654)

* Security fixes
- S8006446: Restrict MBeanServer access (CVE-2013-1486)
- S8006777: Improve TLS handling of invalid messages
Lucky 13 (CVE-2013-0169)
- S8007688: Blacklist known bad certificate (issued by DigiCert)

* Backports
- S8007393: Possible race condition after JDK-6664509
- S8007611: logging behavior in applet changed

* Bug fixes
- PR1319: Support GIF lib v5.

Tue Feb 12 13:00:00 2013 mvyskocilAATTsuse.com
- update to 1.12.2 (bnc#801972)

* Backports
- S8004341: Two JCK tests fails with 7u11 b06
- S8005615: Java Logger fails to load tomcat logger implementation (JULI)

* Bug fixes
- PR1297: cacao and jamvm parallel unpack failures
- PR1301: PR1171 causes builds of Zero to fail

Fri Feb 8 13:00:00 2013 mvyskocilAATTsuse.com
- update to 1.12.1 (bnc#801972)

* Security fixes (on top of 1.12.0)
- S6563318, CVE-2013-0424: RMI data sanitization
- S6664509, CVE-2013-0425: Add logging context
- S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time
- S6776941: CVE-2013-0427: Improve thread pool shutdown
- S7141694, CVE-2013-0429: Improving CORBA internals
- S7173145: Improve in-memory representation of splashscreens
- S7186945: Unpack200 improvement
- S7186946: Refine unpacker resource usage
- S7186948: Improve Swing data validation
- S7186952, CVE-2013-0432: Improve clipboard access
- S7186954: Improve connection performance
- S7186957: Improve Pack200 data validation
- S7192392, CVE-2013-0443: Better validation of client keys
- S7192393, CVE-2013-0440: Better Checking of order of TLS Messages
- S7192977, CVE-2013-0442: Issue in toolkit thread
- S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective proxies
- S7200491: Tighten up JTable layout code
- S7200500: Launcher better input validation
- S7201064: Better dialogue checking
- S7201066, CVE-2013-0441: Change modifiers on unused fields
- S7201068, CVE-2013-0435: Better handling of UI elements
- S7201070: Serialization to conform to protocol
- S7201071, CVE-2013-0433: InetSocketAddress serialization issue
- S8000210: Improve JarFile code quality
- S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class
- S8000540, CVE-2013-1475: Improve IIOP type reuse management
- S8000631, CVE-2013-1476: Restrict access to class constructor
- S8001235, CVE-2013-0434: Improve JAXP HTTP handling
- S8001242: Improve RMI HTTP conformance
- S8001307: Modify ACC_SUPER behavior
- S8001972, CVE-2013-1478: Improve image processing
- S8002325, CVE-2013-1480: Improve management of images
- openjdk-7-src-b147-awt-crasher.patch (bnc#792951)

Mon Feb 4 13:00:00 2013 mvyskocilAATTsuse.com
- update to 1.12.0

* Import of OpenJDK6 b27 (all changes already in security updates)

* Import of OpenJDK6 b26
- S7071826: Avoid benign race condition in initialization of UUID
- S7123896: Unexpected behavior due to Solaris using separate IPv4 and IPv6 port spaces
- S7142509: Cipher.doFinal(ByteBuffer,ByteBuffer) fails to process when in.remaining() == 0
- S7157903: JSSE client sockets are very slow
- S7174440: JDK6-open build breakage
- S7175845: JSSE client sockets are very slow
- S7176477: TEST: Remove testcase test/java/lang/SecurityManager/CheckPackageDefinition.java from jdk6-open
- S7184700: Backout changes with wrong id for 7157903
- S7199153: TEST_BUG: try-with-resources syntax pushed to 6-open repo

* Import of OpenJDK6 b25
- S6790292: BOOTDIR of jdk6 u12 will not work with jdk7 builds
- S6967036: Need to fix links with // in Javadoc comments
- S7007299: FileFontStrike appears not to be threadsafe
- S7022473: JDK7 still runs /etc/prtconf to find memory size
- S7058133: Javah should use the freshly built classes instead of those from the BOOTDIR jdk
- S7107919: Remove hotspot assertion due to Solaris 8 kstat \"unimplemented\".
- S7123519: problems with certification path
- S7126889: Incorrect SSLEngine debug output
- S7127104: Build issue with prtconf and zones, also using := to avoid extra execs
- S7128474: Update source copyright years
- S7128505: Building on em64t system does not work
- S7149751: another krb5 test in openjdk6 without test infrastructure

* Backports
- S6706974: Add krb5 test infrastructure
- S6764553: com.sun.org.apache.xml.internal.security.utils.IdResolver is not thread safe
- S6761072: new krb5 tests fail on multiple platforms
- S6883983: JarVerifier dependency on sun.security.pkcs should be removed
- S4465490: Suspicious about double-check locking idiom being used in the code
- S6763340: memory leak in com.sun.corba.se.
* classes
- S6873605: Missing finishedDispatch() call in ORBImpl causes test failures after 5u20 b04
- S6980681: CORBA deadlock in Java SE believed to be related to CR 6238477
- S7162902: Umbrella port of a number of corba bug fixes from JDK 6 to jdk7u/8
- S6414899: P11Digest should support cloning
- S4898461: Support for ECB and CBC/PKCS5Padding
- S6604496: Support for CKM_AES_CTR (counter mode)
- S6682411: JCK test failed w/ ArrayIndexOutOfBoundException (-1) when decrypting with no data
- S6682417: JCK test failed w/ ProviderException when decrypted data is not multiple of blocks
- S6687725: Internal PKCS5Padding impl should throw IllegalBlockSizeException and not BadPaddingException
- S6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
- S6867345: Turkish regional options cause NPE in sun.security.x509.AlgorithmId.algOID
- S6924489: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_OPERATION_NOT_INITIALIZED
- S7088989: Improve the performance for T4 by utilizing the newly provided crypto APIs

* Bug fixes
- PR902: PulseAudioClip getMicrosecondsLength() returns length in milliseconds, not microseconds
- PR1050: Stream objects not garbage collected
- PR1113: Add tapset tests to distribution.
- PR1117: IcedTea6 prebuilds far too many classes on bootstrap
- PR1121: Old installs still suffer from GCC PR41686
- PR1119: Only add classes to rt-source-files.txt if the class (or one or more of its methods/fields)
are actually missing from the boot JDK
- PR1114: Provide option to turn off downloading of tarballs (--disable-downloading)
- PR1176: Synchronise CACAO rules between IcedTea6/7/8 where possible
- RH513605: Updating/Installing OpenJDK should recreate the shared class-data archive
- G422525: Apply pax markings before using a freshly built JVM.
- PR986: IcedTea fails to build with IcedTea6 CACAO due to low max heap size

* CACAO
- PR1120: Unified version for icedtea6/7
- CA166, CA167: check-langtools fixes for icedtea6
- Implemented sun.misc.Perf.highResCounter
- CACAO now identifies by its own Mercurial revision
- Some memory barrier maintenance
- Ability to run when compiled as Thumb on armv5 (no Thumb JIT though)
- Stop creating pseudo files for OpenJDK (libjsig.so, Xusage.txt)
- Clang fix for the i386 backend
- CONTRIBUTE: Reference code submission process wiki instructions.
- INSTALL.CACAO: Update, so following the instruction actually works.
- Make doxygen work
- CA172, PR1266, G453612: ARM hardfloat support
- src/scripts/java.in: Look for cacao executable in install path, not in PATH.
- src/vm/jit/alpha/asmpart.S: Fix copyright header.
- src/vm/jit/alpha/asmpart.S: Properly set up GP in asm_abstractmethoderror
- Use AATTabs_top_builddirAATT for support scripts

* JamVM
- ARMv6 armhf: Changes for Raspbian (Raspberry Pi)
- PPC: Don\'t use lwsync if it isn\'t supported
- X86: Generate machine-dependent stubs for i386
- When suspending, ignore detached threads that have died, this prevents
a user caused deadlock when an external thread has been attached to the VM
via JNI and it has exited without detaching
- Add missing REF_TO_OBJs for references passed from JNI, this enable JamVM
to run Qt-Jambi
- PR1155: Do not put version number in libjvm.so SONAME

* SystemTap
- Addition of garbage collection probes

* drop bouncycastle patch and add a shell hackery in %install

Fri Oct 19 14:00:00 2012 mvyskocilAATTsuse.com
- update to 1.11.5 (bnc#785433)

* Security fixes
- S6631398, CVE-2012-3216: FilePermission improved path checking
- S7093490: adjust package access in rmiregistry
- S7143535, CVE-2012-5068: ScriptEngine corrected permissions
- S7167656, CVE-2012-5077: Multiple Seeders are being created
- S7169884, CVE-2012-5073: LogManager checks do not work correctly for sub-types
- S7169888, CVE-2012-5075: Narrowing resource definitions in JMX RMI connector
- S7172522, CVE-2012-5072: Improve DomainCombiner checking
- S7186286, CVE-2012-5081: TLS implementation to better adhere to RFC
- S7189103, CVE-2012-5069: Executors needs to maintain state
- S7189490: More improvements to DomainCombiner checking
- S7189567, CVE-2012-5085: java net obselete protocol
- S7192975, CVE-2012-5071: Conditional usage check is wrong
- S7195194, CVE-2012-5084: Better data validation for Swing
- S7195917, CVE-2012-5086: XMLDecoder parsing at close-time should be improved
- S7195919, CVE-2012-5079: (sl) ServiceLoader can throw CCE without needing to create instance
- S7198296, CVE-2012-5089: Refactor classloader usage
- S7158800: Improve storage of symbol tables
- S7158801: Improve VM CompileOnly option
- S7158804: Improve config file parsing
- S7176337: Additional changes needed for 7158801 fix
- S7198606, CVE-2012-4416: Improve VM optimization

* Backports
- S7175845: \"jar uf\" changes file permissions unexpectedly
- S7177216: native2ascii changes file permissions of input file
- S7199153: TEST_BUG: try-with-resources syntax pushed to 6-open repo

* Bug fixes
- PR1194: IcedTea tries to build with /usr/lib/jvm/java-openjdk (now a 1.7 VM) by default

Mon Sep 3 14:00:00 2012 mvyskocilAATTsuse.cz
- update to 1.11.4 (bnc#777499)

* Security fixes
- S7162476, CVE-2012-1682: XMLDecoder security issue via ClassFinder
- S7163201, CVE-2012-0547: Simplify toolkit internals references

* OpenJDK
- S7182135: Impossible to use some editors directly
- S7185678: java/awt/Menu/NullMenuLabelTest/NullMenuLabelTest.java failed with NPE

Mon Aug 20 14:00:00 2012 meissnerAATTsuse.com
- fixed gnome-java-bridge.jar file permissions. bnc#770040

Thu Jun 14 14:00:00 2012 mvyskocilAATTsuse.cz
- update to 1.11.3 (bnc#766802)

* Security fixes
- S7079902, CVE-2012-1711: Refine CORBA data models
- S7110720: Issue with vm config file loadingIssue with vm config file loading
- S7143606, CVE-2012-1717: File.createTempFile should be improved for temporary files created by the platform.
- S7143614, CVE-2012-1716: SynthLookAndFeel stability improvement
- S7143617, CVE-2012-1713: Improve fontmanager layout lookup operations
- S7143851, CVE-2012-1719: Improve IIOP stub and tie generation in RMIC
- S7143872, CVE-2012-1718: Improve certificate extension processing
- S7145239: Finetune package definition restriction
- S7152811, CVE-2012-1723: Issues in client compiler
- S7157609, CVE-2012-1724: Issues with loop
- S7160677: missing else in fix for 7152811
- S7160757, CVE-2012-1725: Problem with hotspot/runtime_classfile

* Bug fixes
- PR1018: JVM fails due to SEGV during rendering some Unicode characters (part of 6886358)

Tue Jun 12 14:00:00 2012 cfarrellAATTsuse.com
- license update: GPL-2.0-with-classpath-exception
Use a license from http://www.spdx.org/licenses (or from the spreadsheet
linked at license.opensuse.org if spdx.org does not have a suitable
entry)

Mon May 14 14:00:00 2012 mvyskocilAATTsuse.cz
- update to 1.11.2

* Bug fixes
- RH789154: javac error messages no longer contain the full path to the offending file:
- PR797: Compiler error message does not display entire file name and path
- PR881: Sign tests (wsse.policy.basic) failures with OpenJDK6
- PR886: 6-1.11.1 fails to build CACAO on ppc
- Specify both source and target in IT_GET_DTDTYPE_CHECK.
- Install nss.cfg into j2re-image too.
- PR584: Don\'t use shared Eden in incremental mode.

* Backports
- S6792400: Avoid loading of Normalizer resources for simple uses
- fix fileconflict with java-1_7_0-openjdk
- add openjdk-6-src-b24-zero-increase-stack-size.patch by Dinar Valeev

Wed Apr 4 14:00:00 2012 reddwarfAATTopensuse.org
- Add xorg-x11 BuildRequires to have xprop

Mon Feb 27 13:00:00 2012 dmuellerAATTsuse.de
- fix build on ARM

Thu Feb 16 13:00:00 2012 mvyskocilAATTsuse.cz
- update to 1.11.1 (bnc#747208)

* Security fixes
- S7082299, CVE-2011-3571: Fix in AtomicReferenceArray
- S7088367, CVE-2011-3563: Fix issues in java sound
- S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method
- S7110687, CVE-2012-0503: Issues with TimeZone class
- S7110700, CVE-2012-0505: Enhance exception throwing mechanism in ObjectStreamClass
- S7110704, CVE-2012-0506: Issues with some method in corba
- S7112642, CVE-2012-0497: Incorrect checking for graphics rendering object
- S7118283, CVE-2012-0501: Better input parameter checking in zip file processing
- S7126960, CVE-2011-5035: (httpserver) Add property to limit number of request headers to the HTTP Server

* Bug fixes
- PR865: Patching fails with patches/ecj/jaxws-getdtdtype.patch

Fri Feb 3 13:00:00 2012 roAATTsuse.de
- apply ppc patch also on s390/s390x
- add a 3 more void-return fixes to ppc patch

Fri Feb 3 13:00:00 2012 mvyskocilAATTsuse.cz
- update to icedtea6-1.11, openjdk b24
- ARM assembly language port reinstated and updated
- Allow selection of test suites using the jtreg_checks argument e.g. jtreg_checks=\"langtools\"
- Drop the outdated NIO2 backport. Users who want NIO2 should use IcedTea 2.x.
- Shark has been disabled
- Fixed build with GCC 4.7

Tue Jan 17 13:00:00 2012 mvyskocilAATTsuse.cz
- update to 1.10.5 (bugfix release)

* Backports
- S7034464: Support transparent large pages on Linux
- S7037939: NUMA: Disable adaptive resizing if SHM large pages are used
- S7102369: remove java.rmi.server.codebase property parsing from registyimpl
- S7094468: rmiregistry clean up
- S7103725, RH767129: REGRESSION - 6u29 breaks ssl connectivity using TLS_DH_anon_WITH_AES_128_CBC_SHA
- S6851973, PR830: ignore incoming channel binding if acceptor does not set one
- S7091528: javadoc attempts to parse .class files

Sat Dec 10 13:00:00 2011 meissnerAATTsuse.de
- adjusted patch110 to fix ppc build.

Fri Dec 9 13:00:00 2011 mvyskocilAATTsuse.cz
- there is no architecture called arm, so use macro instead

Thu Dec 8 13:00:00 2011 mvyskocilAATTsuse.cz
- fix a stuff needed for gjc-based build

* change compiler flags in configure to gjc compatible

* added no-werror patch for openjdk-ecj

* avoid all aditional checking packages in this mode

* temporary remove memory size increase

* exclude patch110 in this case - TBD later
- definitelly drop noarch feature as it never worked well
- add arm to 32bit architectures
- remove rhino as a runtime dependency, as it\'s repackaged and
installed in the jvm\'s tree
- enable build --with-parallel-jobs

Wed Nov 30 13:00:00 2011 cooloAATTsuse.com
- add automake as buildrequire to avoid implicit dependency

Fri Oct 21 14:00:00 2011 mvyskocilAATTsuse.cz
- update to 1.10.4 (bnc#725167)
- Security fixes

* S7000600, CVE-2011-3547: InputStream skip() information leak

* S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor

* S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow

* S7032417, CVE-2011-3552: excessive default UDP socket limit under SecurityManager

* S7046794, CVE-2011-3553: JAX-WS stack-traces information leak

* S7046823, CVE-2011-3544: missing SecurityManager checks in scripting engine

* S7055902, CVE-2011-3521: IIOP deserialization code execution

* S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress error checks

* S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)

* S7070134, CVE-2011-3558: HotSpot crashes with sigsegv from PorterStemmer

* S7077466, CVE-2011-3556: RMI DGC server remote code execution

* S7083012, CVE-2011-3557: RMI registry privileged code execution

* S7096936, CVE-2011-3560: missing checkSetFactory calls in HttpsURLConnection
- Bug fixes
- RH727195: Japanese font mappings are broken
- Backports
- S6826104, RH730015: Getting a NullPointer exception when clicked on Application & Toolkit Modal dialog

Thu Aug 4 14:00:00 2011 mvyskocilAATTsuse.cz
- update to 1.10.3
- Bug fixes

* PR748: Icedtea6 fails to build with Linux 3.0.

* PR744: icedtea6-1.10.2 : patching error
- Backports:

* S7037283, RH712211: Null Pointer Exception in SwingUtilities2.

* S6769607, PR677: Modal frame hangs for a while.

* S6578583: Modality is broken in windows vista home premium from jdk1.7 b02 onwards.

* S6610244: modal dialog closes with fatal error if -Xcheck:jni is set
- don\'t touch java and javac alternatives anymore

Tue Jun 14 14:00:00 2011 mvyskocilAATTsuse.cz
- fix build on 11.1/i586 distros

* add icedtea6-replace-gcc-stack-marking.patch

Wed Jun 8 14:00:00 2011 mvyskocilAATTsuse.cz
- fix bnc#698739: icedtea6-1.10.2 released
- Security fixes

* S6213702, CVE-2011-0872: (so) non-blocking sockets with TCP urgent disabled get still selected for read ops (win)

* S6618658, CVE-2011-0865: Vulnerability in deserialization

* S7012520, CVE-2011-0815: Heap overflow vulnerability in FileDialog.show()

* S7013519, CVE-2011-0822, CVE-2011-0862: Integer overflows in 2D code

* S7013969, CVE-2011-0867: NetworkInterface.toString can reveal bindings

* S7013971, CVE-2011-0869: Vulnerability in SAAJ

* S7016340, CVE-2011-0870: Vulnerability in SAAJ

* S7016495, CVE-2011-0868: Crash in Java 2D transforming an image with scale close to zero

* S7020198, CVE-2011-0871: ImageIcon creates Component with null acc

* S7020373, CVE-2011-0864: JSR rewriting can overflow memory address size variables
- Backports

* S7043054: REGRESSION - wrong userBounds in Paint.createContext()

* S7043963, RH698295: Window manager workaround in AWT was not applied to mutter. Now it is.
- add commented bouncycastle provider into java.security allowing easy enable it from rpm
requested by rgarrigue

Thu Jun 2 14:00:00 2011 mvyskocilAATTsuse.cz
- fix bnc#695858 - call update-ca-certificates in posttrans

Thu Apr 14 14:00:00 2011 mvyskocilAATTsuse.cz
- Fix the keystore handling

* remove the default (32 bytes long) keystore, if installed

* install symlinks in %posttrans, because older file not dissapear in post

Tue Apr 5 14:00:00 2011 mvyskocilAATTsuse.cz
- Update to icedtea6-1.10.1, openjdk b22, hotdpot 20b11
see following links for more details
http://blog.fuseyism.com/index.php/2011/04/04/icedtea6-1101-released/
http://blog.fuseyism.com/index.php/2011/03/02/icedtea6-110-released/
- Backports:

* S7023591, S7027667: Clipped antialiased rectangles are filled, not drawn.
Add missing privileged block around access to the sun.awt.nativedebug
property.

* S7032388, PR682: Make HotSpot work on machines without cmov instruction again

* S7031385, PR680: Incorrect register allocation in orderAccess_linux_x86.inline.hpp
Bug fixes:

* G356743: Support libpng 1.5.

* RH661505: JPEGs with sRGB IEC61966-2.1 color profiles have wrong colors

* PR600: HS19 upgrade broke CACAO build on ARM

* PR616, PR99: Don’t statically link libstdc++ or libgcc

* PR632: patches/security/20110215/6878713.patch breaks shark zero build

* PR103: Usage of native2ascii during bootstrap

* PR633: IcedTea installs javaws manpages on x86 even with –disable-webstart

* PR635: zero fails to build on icedtea6 trunk 20110217 with hs20

* PR586: Sources missing from src.zip

* PR639: Add missing include line, paths and LLVM flags for Shark.

* PR640: JamVM fails to build - Unrecognised option: -XX:ThreadStackSize.

* PR641: Increase stack size for PPC

* PR497: Mercurial revision detection not very reliable

* PR585: Freenet throws java.lang.UnsatisfiedLinkError with OpenJDK/CACAO
- remove webstart and plugin, as they are now in separate icedtwa-web project
- fix bnc#596177 - generate java cacerts at runtime (enabled for openSUSE 11.3+)

Tue Mar 15 13:00:00 2011 mvyskocilAATTsuse.cz
- remove policytool from javac alternative

Thu Feb 24 13:00:00 2011 mvyskocilAATTsuse.cz
- fix bnc#671714 - VUL-0: java-1_6_0-openjdk: permissions assigned to applets
with multiple JARs (icedtea6-1.9.7)
- Security updates

* S6878713, CVE-2010-4469: Hotspot backward jsr heap corruption

* S6907662, CVE-2010-4465: Swing timer-based security manager bypass

* S6994263, CVE-2010-4472: Untrusted code allowed to replace DSIG/C14N implementation

* S6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets

* S6983554, CVE-2010-4450: Launcher incorrect processing of empty library path entries

* S6985453, CVE-2010-4471: Java2D font-related system property leak

* S6927050, CVE-2010-4470: JAXP untrusted component state manipulation

* RH677332, CVE-2011-0706: Multiple signers privilege escalation
- Bug fixes

* RH676659: Pass -export-dynamic flag to linker using -Wl, as option in gcc 4.6+ is broken

* G344659: Fix issue when building on SPARC

* Fix latent JAXP bug caused by missing import
- fix bnc#670304 - VUL-1: java-1_6_0-openjdk: denial of service using floats
(icedtea6-1.9.6)
- Security updates

* S4421494, CVE-2010-4476: infinite loop while parsing double literal
- patches changes:

* obsoletes stack-protector patches (already upstreamed)

* modified openjdk-6-src-b20-initialized-after.patch

* modified openjdk-6-src-b20-no-werror.patch

* openjdk-ecj-6-src-b20-no-return-in-nonvoid-function.patch

* add openjdk-6-src-b20-stringcompare.patch

* add openjdk-ecj-6-src-b20-no-return-in-nonvoid-function.patch

* add openjdk-6-src-b20-gcj-workaround.patch (11.2/x86_64 workaround)

Tue Feb 1 13:00:00 2011 mvyskocilAATTsuse.cz
- fix bnc#667313 - VUL-0: embargoed java icedtea issues
- Security updates

* RH672262, CVE-2011-0025: IcedTea jarfile signature verification bypass
- Backports

* S6687968: PNGImageReader leaks native memory through an Inflater

* S6541476, RH665355: PNG imageio plugin incorrectly handles iTXt chunk

* S6782079: PNG: reading metadata may cause OOM on truncated images
- Fixes

* PR619: Improper finalization by the plugin can crash the browser

Mon Jan 31 13:00:00 2011 mvyskocilAATTsuse.cz
- fix bmo#582130 - symbol clash between moonlight and icedtea plugin

* icedtea6-1.9.4-moonlight-symbol-clash.patch
- mark cursor.properties a config

Mon Jan 17 13:00:00 2011 mvyskocilAATTsuse.cz
- fix bnc#664298 - VUL-0: java-1_6_0-openjdk: JNLPSecurityManager in some cases silently returns when a permission is denied
- Security updates:

* RH663680, CVE-2010-4351: IcedTea JNLP SecurityManager bypass
- Backports

* S4356282: RFE: JDK should support OpenType/CFF fonts

* S6954424, RH525870: Support OpenType/CFF fonts in JDK 7

* S6795356, PR590: Leak caused by javax.swing.UIDefaults.ProxyLazyValue.acc

* S6967436, RH597227: lines longer than 2^15 can fill window.

* S6967433: dashed lines broken when using scaling transforms.

* S6976265: No STROKE_CONTROL

* S6967434, PR450, RH530642: Round joins/caps of scaled up lines have poor quality.

* S6438179, RH569121: XToolkit.isTraySupported() result has nothing to do with the system tray
- Fixes
- S7003777, RH647674: JTextPane produces incorrect content after parsing the html text
- fix bnc#635365 - icedtea update broke java from firefox - bogus java path

* icedtea6-1.9.4-realpath.patch use realpath to resolve the double symlinks

Tue Jan 11 13:00:00 2011 mvyskocilAATTsuse.cz
- Update to icedtea6-1.9.3

* Re-enable compressed oops by default now 7002666 is fixed.

* bakckport S7002666: Eclipse CDT projects crash with compressed oops

* fix reapply ia64 fix from S6896043 which was reverted by S6953477
- fix bnc#635365 - icedtea update broke java from firefox - bogus java path

* wrote a proposal readlink-recursive.patch

* sent upstream - http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=613

Wed Dec 1 13:00:00 2010 mvyskocilAATTsuse.cz
- update to icedtea6-1.9.2 (bnc#656742)
- Latest security updates and hardening patches:

* RH645843, CVE-2010-3860: IcedTea System property information leak via public static
- Upgrade to latest revision of hs19 (b09).
- Allow the building of NetX to be disabled.
- Backports

* S6622432: RFE: Performance improvements to java.math.BigDecimal

* S6850606: Regression from JDK 1.6.0_12

* S6876282: BigDecimal’s divide(BigDecimal bd, RoundingFormat r) produces incorrect result

* S6991430, PR579: Zero PowerPC fix.

* S6703377: freetype: glyph vector outline is not translated correctly

* S6853592: VM test nsk.regression.b4261880 fails with “X Error of failed request: BadWindow” inconsistently.
- Bug fixes

* RH647737: Disable compressed oops in hs19 to avoid Eclipse failures.

* RH643674: Update fontconfig files for Fedora 11, 12, 13 and 14.
- NetX

* Do not prompt user multiple times for the same certificate.

* PR592: NetX can create invalid desktop entry files

Fri Oct 22 14:00:00 2010 mvyskocilAATTsuse.cz
- update to icedtea6-1.9.1 (bnc#642531)
- update to openjdk-6-b20

* fixes listed on http://blog.fuseyism.com/index.php/2010/09/10/icedtea6-19-released/
- Latest security updates and hardening patches:

* S6914943, CVE-2009-3555: TLS: MITM attacks via session renegotiation

* S6559775, CVE-2010-3568: OpenJDK Deserialization Race condition

* S6891766, CVE-2010-3554: OpenJDK corba reflection vulnerabilities

* S6925710, CVE-2010-3562: OpenJDK IndexColorModel double-free

* S6938813, CVE-2010-3557: OpenJDK Swing mutable static

* S6957564, CVE-2010-3548: OpenJDK DNS server IP address information leak

* S6958060, CVE-2010-3564: OpenJDK kerberos vulnerability

* S6963023, CVE-2010-3565: OpenJDK JPEG writeImage remote code execution

* S6963489, CVE-2010-3566: OpenJDK ICC Profile remote code execution

* S6966692, CVE-2010-3569: OpenJDK Serialization inconsistencies

* S6622002, CVE-2010-3553: UIDefault.ProxyLazyValue has unsafe reflection usage

* S6925672, CVE-2010-3561: Privileged ServerSocket.accept allows receiving connections from any host

* S6952017, CVE-2010-3549: HttpURLConnection chunked encoding issue (Http request splitting)

* S6952603, CVE-2010-3551: NetworkInterface reveals local network address to untrusted code

* S6961084, CVE-2010-3541: limit setting of some request headers in HttpURLConnection

* S6963285, CVE-2010-3567: Crash in ICU Opentype layout engine due to mismatch in character counts

* S6980004, CVE-2010-3573: limit HTTP request cookie headers in HttpURLConnection

* S6981426, CVE-2010-3574: limit use of TRACE method in HttpURLConnection

* (See: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html)
- IcedTeaPlugin:

* PR519: 100% CPU usage when displaying applets in Webkit based browsers

* Classes are no longer added to rt.jar, but to plugin.jar
- NetX:

* New man page for javaws

* Classes are no longer added to rt.jar, but to netx.jar
- bug fixes and backports

* S6990437: Update with correct copyright info for source and test files from SSR10_02 fixes

* S6638712: Inference with wildcard types causes selection of inapplicable method

* S6650759: Inference of formal type parameter (unused in formal parameters) is not performed

* S6623943: javax.swing.TimerQueue’s thread occasionally fails to start

* RH633510: OpenJDK should use NUMA even if glibc doesn’t provide it
- misc:

* VisualVM support removed; now available in its own package at http://icedtea.classpath.org/hg/visualvm

* A separate build directory is now used for the OpenJDK build: openjdk.build-ecj (stage 1) and openjdk.build (stage 2)
- fix bnc#637224 - delta RPM for java-1_6_0-openjdk patch does not match installed data

* mark fontconfig and much more files as config noreplace
- fix bnc#648260 - update-alternatives: error: alternative pack200 can\'t be slave of java: it is a slave of javac

* move
*pack200
* from JRE to SDK

* add workaround into post removing the
*pack
* slaves from java alternative
- few more filters of rpmlint warnings
- Patches changes:

* openjdk-6-src-b16-lcms.patch - already included in b20

* openjdk-6-src-b17-enumeration-value.patch - already included in b20

* openjdk-6-src-b17-no-multiline-comments.patch - refresh for b20

* openjdk-6-src-b17-suggest-parentheses.patch - refresh for b20

* openjdk-6-src-b17-initialized-after.patch - refresh for b20

* openjdk-6-src-b20-defined-but-not-used.patch - new warn fix

* openjdk-6-src-b20-may-be-used-uninitialized.patch - new fix 2

* openjdk-6-src-b20-array-subscript-has-type-char.patch - new fix 3

* openjdk-6-src-b20-no-werror.patch - remove -Werror from more locations than before

* use quilt for applying of SUSE patches -> 2 new BR quilt and vim

Wed Jul 28 14:00:00 2010 mvyskocilAATTsuse.cz
- update to icedtea6-1.8.1 (bnc#623905)
- update to openjdk-6-b18
- Latest security updates and hardening patches:

* (CVE-2010-0837): JAR \"unpack200\" must verify input parameters (6902299)

* (CVE-2010-0845): No ClassCastException for HashAttributeSet constructors if run with -Xcomp (6894807)

* (CVE-2010-0838): CMM readMabCurveData Buffer Overflow Vulnerability (6899653)

* (CVE-2010-0082): Loader-constraint table allows arrays instead of only the base-classes (6626217)

* (CVE-2010-0095): Subclasses of InetAddress may incorrectly interpret network addresses (6893954)

* (CVE-2010-0085): File TOCTOU deserialization vulnerability (6736390)

* (CVE-2010-0091): Unsigned applet can retrieve the dragged information before drop action occurs (6887703)

* (CVE-2010-0088): Inflater/Deflater clone issues (6745393)

* (CVE-2010-0084): Policy/PolicyFile leak dynamic ProtectionDomains. (6633872)

* (CVE-2010-0092): AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (6888149)

* (CVE-2010-0094): Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947)

* (CVE-2010-0093): System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (6892265)

* (CVE-2010-0840): Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)

* (CVE-2010-0848): AWT Library Invalid Index Vulnerability (6914823)

* (CVE-2010-0847): ImagingLib arbitrary code execution vulnerability (6914866)

* (CVE-2009-3555): TLS: MITM attacks via session renegotiation
- IcedTeaNPPlugin.

* RH524387: javax.net.ssl.SSLKeyException: RSA premaster secret error

* Set context classloader for all threads in an applet\'s threadgroup

* PR436: Close all applet threads on exit

* PR480: NPPlugin with NoScript extension.

* PR488: Question mark changing into underscore in URL.

* RH592553: Fix bug causing 100% CPU usage.

* Don\'t generate a random pointer from a pthread_t in the debug output.

* Add ForbiddenTargetException for legacy support.

* Use variadic macro for plugin debug message printing.

* Don\'t link the plugin with libxul libraries.

* Fix race conditions in plugin initialization code that were causing hangs.

* RH506730: BankID (Norwegian common online banking authentication system) applet fails to load.

* Fix policy evaluation to match the proprietary JDK.

* PR491: pass java_{code,codebase,archive} parameters to Java.

* Adds javawebstart.version property and give user permission to read that property.

* Old plugin removed; NPPlugin is now the default and is controlled by
- -enable/disable-plugin. As with the old plugin, it produces a
IcedTeaPlugin.so library rather than IcedTeaNPPlugin.so.

* Dependence on the binary plugs mechanism removed. The plugin and NetX
code is now imported into the JDK build in the same manner as langtools,
CORBA, JAXP and JAXWS.

* Fix for plugin buffer overflow: https://bugzilla.mozilla.org/show_bug.cgi?id=555342
- NetX:

* Fix security flaw in NetX that allows arbitrary unsigned apps to set
any java property.

* Fix a flaw that allows unsigned code to access any file on the
machine (accessible to the user) and write to it.

* Make path sanitization consistent; use a blacklisting approach.

* Make the SingleInstanceServer thread a daemon thread.

* Handle JNLP files which use native libraries but do not indicate it

* Allow JNLP classloaders to share native libraries

* Added encoding support
- bug fixes

* Nimbus Look \'n\' Feel backported from OpenJDK7.

* JAXP and JAXWS now external dependencies rather than being in-tree.

* 6639665: ThreadGroup finalizer allows creation of false root ThreadGroups

* 6898622: ObjectIdentifer.equals is not capable of detecting incorrectly encoded CommonName OIDs

* 6910590: Application can modify command array in ProcessBuilder

* 6909597: JPEGImageReader stepX Integer Overflow Vulnerability

* 6932480: Crash in CompilerThread/Parser. Unloaded array klass?

* 6678385: Fixes jvm crashes when window is resized.

* Produces the \"expected\" behavior for full screen applications, when
running the Metacity window manager.

* Fix issue with ant -diagnostics on ant 1.8.0 due to changed exit code

* Zero/Shark

* Shark is now able to build itself.

* For ARM, add Thumb2 JIT.

* Fixed Shark sharkCompiler mattr memory corruption bug when using llvm 2.7.

* others
http://blogs.sun.com/darcy/resource/OpenJDK_6/openjdk6-b18-changes-summary.html

* Eliminate spurious exception throwing when using PulseAudio

* PR shark/483: Fix miscompilation of sun.misc.Unsafe::getByte.

* PR PR icedtea/324, icedtea/481: Fix Shark VM crash.

* Fix Zero build on Hitachi SH.

* PR476: Enable building SystemTap support on GCC 4.5.
- disabled systemtap support on openSUSE 11.2, as it requires more recent version
- require xulrunner191 on 11.1 too

Thu May 20 14:00:00 2010 mvyskocilAATTsuse.cz
- Change the policytool.desktop category to Utilities

Wed May 19 14:00:00 2010 roAATTsuse.de
- set locale to utf-8 variant to fix build
(broke when going over certificates with utf-8 filenames)

Thu May 13 14:00:00 2010 mvyskocilAATTsuse.cz
- fix bnc#603316: openjdk run out of file descriptors

* add openjdk-6-src-b17-stack-protector-fclose.patch
add the missing fclose to the stack-protector patch

Wed Apr 28 14:00:00 2010 mvyskocilAATTsuse.cz
- fixes ppc build

* enable nio2 only for ix86 and x86_64

* refresh openjdk-6-src-b17-no-return-in-nonvoid-function-ppc.patch
- ignore old libopenssl on 11.3+
- use patch -i, instead of shell redirection

Mon Apr 12 14:00:00 2010 mvyskocilAATTsuse.cz
- update to icedtea6-1.7.3 (bnc#594415)
- security and hardending

* (CVE-2010-0837): JAR “unpack200″ must verify input parameters (6902299)

* (CVE-2010-0845): No ClassCastException for HashAttributeSet constructors if run with -Xcomp (6894807

* (CVE-2010-0838): CMM readMabCurveData Buffer Overflow Vulnerability (6899653)

* (CVE-2010-0082): Loader-constraint table allows arrays instead of only the base-classes (6626217)

* (CVE-2010-0095): Subclasses of InetAddress may incorrectly interpret network addresses (6893954)

* (CVE-2010-0085): File TOCTOU deserialization vulnerability (6736390)

* (CVE-2010-0091): Unsigned applet can retrieve the dragged information before drop action occurs (6887703)

* (CVE-2010-0088): Inflater/Deflater clone issues (6745393)

* (CVE-2010-0084): Policy/PolicyFile leak dynamic ProtectionDomains. (6633872)

* (CVE-2010-0092): AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (6888149)

* (CVE-2010-0094): Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947)

* (CVE-2010-0093): System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (6892265)

* (CVE-2010-0840): Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)

* (CVE-2010-0848): AWT Library Invalid Index Vulnerability (6914823)

* (CVE-2010-0847): ImagingLib arbitrary code execution vulnerability (6914866)

* (CVE-2009-3555): TLS: MITM attacks via session renegotiation

* 6639665: ThreadGroup finalizer allows creation of false root ThreadGroups

* 6898622: ObjectIdentifer.equals is not capable of detecting incorrectly encoded CommonName OIDs

* 6910590: Application can modify command array in ProcessBuilder

* 6909597: JPEGImageReader stepX Integer Overflow Vulnerability

* 6932480: Crash in CompilerThread/Parser. Unloaded array klass?
- Bug fixes:

* Backport of 6822370: ReentrantReadWriteLock: threads hung when there are no threads holding onto the lock

* Increase ThreadStackSize by 512kb on 32-bit Zero platforms

* Check cacerts database is valid

* Fix for plugin buffer overflow: Mozilla bug 555342

* Fix issue with ant -diagnostics on ant 1.8.0 due to changed exit code

Thu Mar 18 13:00:00 2010 mvyskocilAATTsuse.cz
- fix bnc#589021 - Better protect java stack

* openjdk-6-src-b17-stack-protector.patch

Thu Mar 4 13:00:00 2010 mvyskocilAATTsuse.cz
- Updates:

* icedtea6-1.7

* openjdk6 b17 14_oct_2009
- Enabled NPPlugin - fix [bnc#582206]
- patches changes:

* obsolete java-1.6.0-openjdk-sparc-fixes.patch

* obsolete java-1.6.0-openjdk-sparc-hotspot.patch

* obsolete icedtea6-1.6-npplugin-xulrunner191.patch

* obsolete icedtea6-1.6-no-return-in-nonvoid-function.patch

* obsolete icedtea6-ecc-support-b387a64caa08.patch

* add a lot of patches fixes a build of openjdk6 with gcc4.5 using
- Werror -Wall
openjdk-6-src-b17-no-multiline-comments.patch
openjdk-6-src-b17-enumeration-value.patch
openjdk-6-src-b17-suggest-parentheses.patch
openjdk-6-src-b17-no-efect.patch
openjdk-6-src-b17-initialized-after.patch
openjdk-6-src-b17-unused-variable.patch

* openjdk-6-src-b17-no-werror.patch (suppress the errors in autogenerated
code)

* icedtea6-1.7-no-return-in-non-void.patch
- move the noarch content to %%{_datadir}/ and create symlinks in usual
locations
- move demo/jvmti to the -devel package as it contains so files
- enable the --short-circuit in %%install section
- new alternatives - policytool and policytool.1.gz

Tue Feb 9 13:00:00 2010 prusnakAATTsuse.cz
- enable noarch subpackages

Mon Nov 23 13:00:00 2009 mvyskocilAATTsuse.cz
- Removed openjdk-6-src-b14-confluence-crash.patch from source dir

Tue Nov 10 13:00:00 2009 mvyskocilAATTsuse.cz
- Fixed bnc#554069 - VUL-0: Icedtea6 1.6.2 released

* a lot of security patches in icedtea6-1.6.2

* Improved jar performance,
http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/b35f1e5075a4
- Obsoleted java-1.6.0-openjdk-makefile.patch

Wed Oct 14 14:00:00 2009 mvyskocilAATTsuse.cz
- Fixed bnc#546468: openjdk fails on certificate creation
applied upstream patch icedtea6-ecc-support-b387a64caa08.patch
http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=356
- Moved back from npplugin, as its not mature
http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=385#c5

Thu Oct 8 14:00:00 2009 mvyskocilAATTsuse.cz
- Use 1.6.0 instead of javamajver macro to supress percent in provides error.

Tue Sep 29 14:00:00 2009 mvyskocilAATTsuse.cz
- fixed bnc#542545: added 32/64bit specific provides to be compatible with
other JVM and OpenOffice.org

Thu Sep 10 14:00:00 2009 mvyskocilAATTsuse.cz
- Updates:

* icedtea6-1.6 - fixes bnc#537969

* hospot 09f7962b8b44
- patches changes:

* added icedtea6-1.6-npplugin-xulrunner191.patch

* added java-1.6.0-openjdk-sparc-fixes.patch (from Fedora)

* added java-1.6.0-openjdk-sparc-hotspot.patch (from Fedora)

* added icedtea6-1.6-no-return-in-nonvoid-function.patch
(allows build on 11.1)

* regenerated java-1.6.0-openjdk-java-access-bridge-security.patch

* regenerated java-1.6.0-openjdk-makefile.patch

* removed icedtead6-1.5-npplugin-xulrunner191.patch

* removed java-1.6.0-openjdk-execvpe.patch

* removed java-1.6.0-openjdk-netx.patch

Wed Aug 19 14:00:00 2009 mvyskocilAATTsuse.cz
- Fixed bnc#530046 - jmap fails: NoSuchSymbolException: Could not find symbol
\"gHotSpotVMTypeEntryTypeNameOffset\"
keep non debug symbols in libjvm.so

Tue Aug 11 14:00:00 2009 mvyskocilAATTsuse.cz
- Updates:

* icedtea6-1.5.1 contains a lot of security fixes from Sun JDK6u15
This includes fixes for:

* bnc#524505: Vulnerability in OpenJDK/NetX

* bnc#514421: XML Signature weakness (HMAC truncation)
- Fixed bnc#521512: lcms pointer dereference
- Dropped some s390 patches, because they was obsoleted and not used
- Fixed bnc#525097 - openjdk installs dead .desktop files

* now removed
*.desktop from %%files of openjdk

Wed Jul 29 14:00:00 2009 mvyskocilAATTsuse.cz
- Updates:

* icedtea-1.5

* visualvm-111

* hotspot 25a020f13592
- Fixed bnc#525097 - openjdk installs dead .desktop files
- Remove archsuffix usage
- patches changes:

* added java-1.6.0-openjdk-accessible-toolkit.patch

* added java-1.6.0-openjdk-netx.patch

* added java-1.6.0-openjdk-execvpe.patch

* added icedtead6-1.5-nppplugin-xulrunner191.patch

* removed openjdk-6-src-b14-confluence-crash.patch

* refreshed java-1.6.0-openjdk-makefile.patch
- new features and fixes:

* Fixed security handling to prevent access denials when there is a site
specific exception in the policy file

* Allow extentions (chrome) to run Java code with full permissions

* Added non-trusted SSL support to WebStart (javaws)

* Added proxy support

* Other improvements that were breaking specific sites (tag parser fix,
nested jar support, etc.)

* Added JVM Console (used by http://chrispederick.com/work/web-developer/)

* Many gervill, java2d, nio2, pulse java, zero/shark, jtreg fixes.

* New IcedTeaNPPlugin

Thu Jun 11 14:00:00 2009 mvyskocilAATTsuse.cz
- Merged fontfonfig for openjdk and Sun:

* Use Sazanami Mincho for monospaced fonts

* Added AWT X11 font paths

Mon May 25 14:00:00 2009 mvyskocilAATTsuse.cz
- Enabled systemtap only for jit architectures only
- Refreshed non-return-in-non-void ppc patch

Fri May 15 14:00:00 2009 mvyskocilAATTsuse.cz
- \'used systemtap-sdt-devel (see bnc#503088)\'

Thu May 14 14:00:00 2009 mvyskocilAATTsuse.cz
- Change version system for openjdk, now it uses a
%%{javaver}.%%{buildver}_%{{openjdkver}
- Enabled systemtap support
- Moved jpackage macro definitions upper in spec

Wed May 13 14:00:00 2009 mvyskocilAATTsuse.cz
- updates:

* openjdk b16

* icedtea snapshot cc658d9f4a64

* hotspot snapshot fc6a5ae3fef5
- new features:

* systemtap support (not yet enabled in SUSE)

* removed gcjwebplugin

* fixed lcms breakage
https://bugs.openjdk.java.net/show_bug.cgi?id=100050

* fixes in JNLP runtime

* various improvements in support of third party VMs (shark, cacao, zero)
- patches changes:

* removed obsoleted pulseaudio patch

* added openjdk-6-src-b16-no-return-in-nonvoid-function.patch
- enabled tests
- build using xulrunner 1.9.1 on 11.2

Tue Apr 21 14:00:00 2009 mvyskocilAATTsuse.cz
- fixed bnc#496378: openjdk has an empty keystore

Tue Apr 14 14:00:00 2009 mvyskocilAATTsuse.cz
- fixed bnc#493146: pulse-java integer overflow

Tue Apr 7 14:00:00 2009 mvyskocilAATTsuse.cz
- fixed bnc#492555: tomcat6 and confluence causes a JVM crash
http://hg.openjdk.java.net/jdk7/hotspot-comp/hotspot/rev/039a914095f4

Fri Apr 3 14:00:00 2009 mvyskocilAATTsuse.cz
- icedtea 1.4.1:
- Fixed version string: Set PRODUCT_NAME to OpenJDK, unless doing a CACAO
build (set to IcedTea).
- Plugin fixes: icedtead bug#264.
- Re-implemented visualvm.

Mon Mar 2 13:00:00 2009 mvyskocilAATTsuse.cz
- fixed ppc/ppc64 build bnc#471829 comment#28
- added openjdk-6-src-b14-no-return-in-nonvoid-function-ppc.patch


 
ICM