|
|
|
|
Changelog for java-1_6_0-openjdk-demo-1.6.0.44-lp150.6.24.x86_64.rpm :
* Fri Jan 26 2018 fstrbaAATTsuse.com- Modified patch: * icedtea6-1.13.13-b44.patch + Fix zero bootstrap build with ecj * Thu Nov 16 2017 fstrbaAATTsuse.com- Updated to OpenJDK6 jdk6-b44 * Security fixes: - S8138725: Add options for Javadoc generation - S8140353: Improve signature checking - S8151934, CVE-2017-3231: Resolve class resolution - S8158406: Limited Parameter Processing - S8158997: JNDI Protocols Switch - S8161218: Better bytecode loading - S8161743, CVE-2017-3252: Provide proper login context - S8162577: Standardize logging levels - S8162973: Better component components - S8163520, CVE-2017-3509: Reuse cache entries - S8163958, CVE-2017-10102, bsc#1049316: Improved garbage collection - S8164147, CVE-2017-3261: Improve streaming socket output - S8165071, CVE-2016-2183: Expand TLS support - S8165344, CVE-2017-3272: Update concurrency support - S8166988, CVE-2017-3253: Improve image processing performance - S8167104, CVE-2017-3289: Additional class construction refinements - S8167110, CVE-2017-3514: Windows peering issue - S8167223, CVE-2016-5552: URL handling improvements - S8167228: Update to libpng 1.6.28 - S8168714, CVE-2016-5546: Tighten ECDSA validation - S8168728, CVE-2016-5548: DSA signing improvments - S8169011, CVE-2017-3526: Resizing XML parse trees - S8169209, CVE-2017-10053, bsc#1049305: Improved image post-processing steps - S8169392, CVE-2017-10067, bsc#1049306: Additional jar validation steps - S8170222, CVE-2017-3533: Better transfers of files - S8170966, CVE-2017-10081, bsc#1049309: Right parenthesis issue - S8171121, CVE-2017-3539: Enhancing jar checking - S8171533, CVE-2017-3544: Better email transfer - S8172204, CVE-2017-10087, bsc#1049311: Better Thread Pool execution - S8172299: Improve class processing - S8172461, CVE-2017-10089, bsc#1049312: Service Registration Lifecycle - S8172469, CVE-2017-10096, bsc#1049314: Transform Transformer Exceptions - S8173286, CVE-2017-10101, bsc#1049315: Better reading of text catalogs - S8173697, CVE-2017-10107, bsc#1049318: Less Active Activations - S8173770, CVE-2017-10074, bsc#1049307: Image conversion improvements - S8174098, CVE-2017-10110, bsc#1049321: Better image fetching - S8174105, CVE-2017-10108, bsc#1049319: Better naming attribution - S8174113, CVE-2017-10109, bsc#1049320: Better sourcing of code - S8174770: Check registry registration location - S8174873: Improved certificate processing - S8175106, CVE-2017-10115, bsc#1049324: Higher quality DSA operations - S8176055: JMX diagnostic improvements - S8176067, CVE-2017-10116, bsc#1049325: Proper directory lookup processing - S8176760, CVE-2017-10135, bsc#1049328: Better handling of PKCS8 material * Other - S4717864: setFont() does not update Fonts of Menus already on screen - S6474807: (smartcardio) CardTerminal.connect() throws CardException instead of CardNotPresentException - S6592751: EmbeddedFrame disposal is fragile and breaks clean AppContext termination - S6858484: If an invalid HMAC XML Signature is validated, all subsequent valid HMAC signatures are invalid - S6868865: Test: sun/security/tools/jarsigner/oldsig.sh fails under all platforms - S6885204: JSSE should not require Kerberos to be present - S6887710: Jar index should avoid putting META-INF in the INDEX.LIST - S6945961: SIGSEGV in memcpy() during class loading on linux-i586 - S7155957: closed/java/awt/MenuBar/MenuBarStress1/MenuBarStress1.java hangs on win 64 bit with jdk8 - S7170169: (props) System.getProperty(\"os.name\") should return \"Windows 8\" when run on Windows 8 - S7173645: (props) System.getProperty(\"os.name\") should return \"Windows Server 2012\" for Windows Server 2012 - S8010714: XML DSig API allows a RetrievalMethod to reference another RetrievalMethod - S8013434: Xalan and Xerces internal ObjectFactory need rework - S8020191: System.getProperty(\"os.name\") returns \"Windows NT (unknown)\" on Windows 8.1 - S8030787: [Parfait] JNI-related warnings from b119 for jdk/src/share/native/sun/awt/image - S8037287: Windows build failed after JDK-8030787 - S8066504: GetVersionEx in java.base/windows/native/libjava/java_props_md.c might not get correct Windows version 0 - S8075118: JVM stuck in infinite loop during verification - S8079595: Resizing dialog which is JWindow parent makes JVM crash - S8130769: The new menu can\'t be shown on the menubar after clicking the \"Add\" button. - S8139565: Restrict certificates with DSA keys less than 1024 bits - S8140422: Add mechanism to allow non default root CAs to be not subject to algorithm restrictions - S8140483: Atomic *FieldUpdaters final fields should be trusted - S8140587: Atomic *FieldUpdaters should use Class.isInstance instead of direct class check - S8143377: Test PKCS8Test.java fails - S8147842: IME Composition Window is displayed at incorrect location - S8148516: Improve the default strength of EC in JDK - S8149450: LdapCtx.processReturnCode() throwing Null Pointer Exception - S8150490: Update OS detection code to recognize Windows Server 2016 - S8151893: Add security property to configure XML Signature secure validation mode - S8155690: Update libPNG library to the latest up-to-date - S8156802: Better constraint checking - S8160108: Implement Serialization Filtering - S8161195: Regression: closed/javax/swing/text/FlowView/LayoutTest.java - S8161571: Verifying ECDSA signatures permits trailing bytes - S8162461: Hang due to JNI up-call made whilst holding JNI critical lock - S8163304: jarsigner -verbose -verify should print the algorithms used to sign the jar - S8165230: RMIConnection addNotificationListeners failing with specific inputs - S8166393: disabledAlgorithms property should not be strictly parsed - S8166739: Improve extensibility of ObjectInputFilter information passed to the filter - S8166875: (tz) Support tzdata2016g - S8166878: Connection reset during TLS handshake - S8167179: Make XSL generated namespace prefixes local to transformation process - S8167459: Add debug output for indicating if a chosen ciphersuite was legacy - S8167472: Chrome interop regression with JDK-8148516 - S8167591: Add MD5 to signed JAR restrictions - S8168861: AnchorCertificates uses hardcoded password for cacerts keystore - S8168993: JDK8u121 L10n resource file update - S8169191: (tz) Support tzdata2016i - S8169688: Backout (remove) MD5 from jdk.jar.disabledAlgorithms for January CPU - S8170131: Certificates not being blocked by jdk.tls.disabledAlgorithms property - S8170268: 8u121 L10n resource file update - msgdrop 20 - S8170307: Stack size option -Xss is ignored - S8170316: (tz) Support tzdata2016j - S8170814: Reuse cache entries (part II) - S8171388: Update JNDI Thread contexts - S8173783: IllegalArgumentException: jdk.tls.namedGroups - S8173931: 8u131 L10n resource file update - S8174844: Incorrect GPL header causes RE script to miss swap to commercial header for licensee source bundle - S8174985: NTLM authentication doesn\'t work with IIS if NTLM cache is disabled - S8175072: [openjdk6] Kerberos JCK tests fail on systems without krb5.conf file - S8175251: Failed to load RSA private key from pkcs12 - S8176044: (tz) Support tzdata2017a - S8176731: JCK tests in api/javax_xml/transform/ spec conformance started failing after 8172469 - S8176769: Remove accidental spec change in jdk8u - S8177449: (tz) Support tzdata2017b - S8180582: The bind to rmiregistry is rejected by registryFilter even though registryFilter is set - S8180769: [openjdk6] JVM crashes when running with - showversion option - S8181591: 8u141 L10n resource file update - S8182054: Improve wsdl support- Added patch: * icedtea6-1.13.13-b44.patch - Modify icedtea patches to apply to the jdk6-b44 tree * Wed Jun 21 2017 fstrbaAATTsuse.com- Add openjdk-libjvm-link.patch and openjdk-libjvm-link-ecj.patch to link libjvm and libmawt with g++ to support the mix of GCC 6 java and GCC 7 C++ compiler.- Get ecj.jar path from gcj, use the gcc variant that provides Java to build C code to make sure jni.h is available. * Tue Mar 07 2017 fstrbaAATTsuse.com- Update the buildver to correspond to what java reports * Wed Jan 11 2017 fstrbaAATTsuse.com- Updated to 1.13.13 * Security fixes - S8151921: Improved page resolution - S8155968: Update command line options - S8155973, CVE-2016-5542: Tighten jar checks - S8157176: Improved classfile parsing - S8157739, CVE-2016-5554: Classloader Consistency Checking - S8157749: Improve handling of DNS error replies - S8157753: Audio replay enhancement - S8158302: Handle contextual glyph substitutions - S8158993, CVE-2016-5568: Service Menu services - S8159495, PR3276: Fix index offsets - S8159503: Amend Annotation Actions - S8159511: Stack map validation - S8159515: Improve indy validation - S8159519, CVE-2016-5573: Reformat JDWP messages - S8160090: Better signature handling in pack200 - S8160094: Improve pack200 layout - S8160591, CVE-2016-5582: Improve internal array handling - S8160838, CVE-2016-5597: Better HTTP service * Import of OpenJDK6 b41 - S4787377: VK_STOP key on Solaris generates wrong Key Code - S4947220: (process)Runtime.exec() cannot invoke applications with unicode parameters(win) - S5036807: Pressing action keys \"STOP/AGAIN/COMPOSE\" generates keycode of F11/F12 keys. - S5099725: AWT doesn\'t seem to handle MappingNotify events under X11. - S5100701: Toolkit.getLockingKeyState() does not work on XToolkit, but works on Motif - S6324292: keytool -help is unhelpful - S6464022: Memory leak in JOptionPane.createDialog - S6501385: ColorChooser demo - two elemets have same mnemonic in it locale, GTK L&F - S6535697: keytool can be more flexible on format of PEM-encoded X.509 certificates - S6561126: keytool should use larger default keysize for keypairs - S6566218: l10n of 6476932 - S6606396: Notepad and Stylepad demos don\'t run in Japanese locale. - S6608456: need API to define RepaintManager per components hierarchy - S6624200: Regression test fails: test/closed/javax/swing/JMenuItem/4654927/bug4654927.java - S6675400: \"Details\" in English has to be \"Details\" in German - S6680988: KeyEvent is still missing VK values for many keyboards - S6683775: Painting artifacts is seen when panel is made setOpaque(false) for a translucent window - S6693507: There are unnecessary compilation warnings in the com.sun.java.swing.plaf.motif package - S6709758: keytool default cert fingerprint algorithm should be SHA1, not MD5 - S6711676: Numpad keys trigger more than one KeyEvent. - S6719382: Printing of AWT components on windows is not working - S6726866: Repainting artifacts when resizing or dragging JInternalFrames in non-opaque toplevel - S6727661: Code improvement and warnings removing from the swing/plaf packages - S6727662: Code improvement and warnings removing from swing packages - S6794764: Translucent windows are completely repainted on every paint event, on Windows - S6796710: Html content in JEditorPane is overlapping on swing components while resizing the application. [TEST FRAMEWORK ONLY] - S6802846: jarsigner needs enhanced cert validation(options) - S6867657: Many JSN tests do not run under cygwin - S6870812: enhance security tools to use ECC algorithms - S6871299: Shift+Tab no longer generates a KEY_TYPED event; used to with JRE 1.5 - S6871847: AlgorithmId.get(\"SHA256withECDSA\") not available - S6882559: new JEditorPane(\"text/plain\",\"\") fails for null context class loader - S6894719: (launcher)The option -no-jre-restrict-search is expected when -jre-no-restrict-search is documented. - S6901170: HttpCookie parsing of version and max-age mis-handled - S6911129: These tests do not work with CYGWIN: java/lang - S6922482: keytool\'s help on -file always shows \'output file\' - S6923681: Jarsigner crashes during timestamping - S6939248: Jarsigner can\'t extract Extended Key Usage from Timestamp Reply correctly - S6959252: convert the anonymous arrays to named arrays in Java List Resource files - S6969683: Generify ResolverConfiguration codes - S6980510: Fix for 6959252 broke JConsole mnemonic keys - S6982840: sun/security/tools/jarsigner/emptymanifest.sh fails - S6987827: security/util/Resources.java needs improvement - S6988163: sun.security.util.Resources dup and a keytool doc typo - S7004168: jarsigner -verify checks for KeyUsage codesigning ext on all certs instead of just signing cert - S7013850: Please change the mnemonic assignment system to avoid translation issue - S7017818: NLS: JConsoleResources.java cannot be handled by translation team - S7019937: Translatability bug - Remove Unused String - String ID , read end of file - S7019938: Translatability bug - Remove Unused String - String ID can not specify Principal with a - S7019940: Translatability bug - Remove unused string - String ID: provided null name - S7019942: Translatability bug - String ID: trustedCertEntry, - S7019945: Translatability bug - Translatability issue - String ID: * has NOT been verified! In order to veri - S7019947: Translatability bug - Translatability issue - String ID: * The integrity of the information stored i - S7019949: Translatability bug - Translatability issue - String ID: * you must provide your keystore password. - S7020531: test: java/security/cert/CertificateFactory/openssl/OpenSSLCert.java file not closed after run - S7021693: [ja, zh_CN] jconsole throws exception and fail to start in ja and zh_CN locales - S7022005: [ja,zh_CN] javadoc, part of navigation bar in generated html are not translated. - S7024118: possible hardcoded mnemonic for JFileChooser metal and motif l&f - S7025267: NLS: t13y fix for 7021689 [ja] Notepad demo throws NPE - S7028447: security-related resources Chinese translation errors - S7028490: better suggestion for jarsigner when TSA is not accessible - S7030174: Jarsigner should accept TSACert with an HTTPS id-ad-timeStamping SIA - S7032018: The file list in JFileChooser does not have an accessible name - S7032436: When running with the Nimbus look and feel, the JFileChooser does not display mnemonics - S7034259: [all] incorrect mnemonic keys in JCP automatic update advanced settings dialog. - S7034940: message drop 2 translation integration - S7035843: [zh_CN, ja] JConsole mnemonic keys don\'t work - S7038803: [CCJK] Incorrect mnemonic key (0) is displayed on cancel button on messagedialog of JOptionPane - S7038807: [CCJK] OK button on message dialog of JOptionpane is not translated - S7040228: [zh_TW] extra (C) on cancel button on File Chooser dialog - S7040257: [pt_BR,fr] Print dialog has duplicate mnemonic key. - S7042323: [sv, de, es, it] Print dialog has duplicate mnemonic key - S7042475: [ja,zh_CN] extra mnemonic key in jconsole - S7043548: message drop 3 translation integration - S7045132: sun.security.util.Resources_pt_BR.java translation error - S7045184: GTK L&F doesn\'t have hotkeys in jdk7 b141, while b139 has. - S7062969: java -help still shows http://java.sun.com/javase/reference - S7090158: Networking Libraries don\'t build with javac -Werror - S7090832: Some locale info are not localized for some languages. - S7093156: NLS Please change the mnemonic assignment system to avoid translation issue (Swing files) - S7102686: Restructure timestamp code so that jars and modules can more easily share the same code - S7109085: Test use hotkeys not intended for Mac - S7116786: RFE: Detailed information on VerifyErrors - S7124171: 7u4 l10n message update related to Mac OS X port - S7125055: ContentHandler.getContent API changed in error - S7132247: java/rmi/registry/readTest/readTest.sh failing with Cygwin - S7142339: PKCS7.java is needlessly creating SHA1PRNG SecureRandom instances when timestamping is not done - S7145375: 7u4 l10n message update related to langtools - S7145960: sun/security/mscapi/ShortRSAKey1024.sh failing on windows - S7146099: NLS: [de,es,it,ko,pt_BR]launcher_ * *.properties, double backslash issue. - S7149012: jarsigner needs not warn about cert expiration if the jar has a TSA timestamp - S7158712: Synth Property \"ComboBox.popupInsets\" is ignored - S7169226: NLS: Please change the mnemonic assignment system for windows and motif properties - S7174970: NLS [ccjk] Extra mnemonic keys at standard filechooserdialog (open and save) in metal L&F - S7175367: NLS: 7u6 message drop10 integration - S7176894: back out LocaleNames_xx.properties files from 7u6 message drop10 - S7178145: Change constMethodOop::_exception_table to optionally inlined u2 table. - S7181632: nsk classLoad001_14 failure and CompileTheWorld crash after 7178145. - S7182226: NLS: jdk7u6 message drop20 integration - S7183203: ShortRSAKeynnn.sh tests intermittent failure - S7187051: ShortRSAKeynnn.sh tests should do cleanup before start test - S7194449: String resources for Key Tool and Policy Tool should be in their respective packages - S8000626: Implement dead key detection for KeyEvent on Linux - S8003890: corelibs test scripts should pass TESTVMOPTS - S8008764: 7uX l10n resource file translation update - S8009168: accessibility.properties syntax issue - S8009636: JARSigner including TimeStamp PolicyID (TSAPolicyID) as defined in RFC3161 - S8010297: Missing isLoggable() checks in logging code - S8010782: clean up source files containing carriage return characters - S8014048: Online user guide of jconsole points incorrect link - S8014431: cleanup warnings indicated by the -Wunused-value compiler option on linux - S8015265: revise the fix for 8007037 - S8016579: (process) IOException thrown by ProcessBuilder.start() method is incorrectly encoded - S8019541: 7u40 l10n resource file translation update - S8020708: NLS mnemonics missing in SwingSet2/JInternalFrame demo - S8023338: Update jarsigner to encourage timestamping - S8024302: Clarify jar verifications - S8024756: method grouping tabs are not selectable - S8026741: jdk8 l10n resource file translation update 5 - S8027787: 7u51 l10n resource file translation update 1 - S8030698: Several GUI labels in jconsole need correction - S8030878: JConsole issues meaningless message if SSL connection fails - S8035988: 7u60 l10n resource file translation update 1 - S8038837: Add support to jarsigner for specifying timestamp hash algorithm - S8048147: Privilege tests with JAAS Subject.doAs - S8048357: PKCS basic tests - S8049171: Additional tests for jarsigner\'s warnings - S8055176: 7u71 l10n resource file translation update - S8057530: (process) Runtime.exec throws garbled message in jp locale - S8059177: jdk8u40 l10n resource file translation update 1 - S8065609: 7u76 l10n resource file translation update - S8076486: [TESTBUG] javax/security/auth/Subject/doAs/NestedActions.java fails if extra VM options are given - S8077953: [TEST_BUG] com/sun/management/OperatingSystemMXBean/TestTotalSwap.java Compilation failed after JDK-8077387 - S8078628, PR3152: Zero build fails with pre-compiled headers disabled - S8080628: No mnemonics on Open and Save buttons in JFileChooser - S8083601: jdk8u60 l10n resource file translation update 2 - S8140530, PR3276: Creating a VolatileImage with size 0,0 results in no longer working g2d.drawString - S8142926: OutputAnalyzer\'s shouldXXX() calls return this - S8143134: L10n resource file translation update - S8147077: IllegalArgumentException thrown by api/java_awt/Component/FlipBufferStrategy/indexTGF_General - S8148127: IllegalArgumentException thrown by JCK test api/java_awt/Component/FlipBufferStrategy/indexTGF_General in opengl pipeline - S8150611: Security problem on sun.misc.resources.Messages * - S8157077: 8u101 L10n resource file updates - S8157653: [Parfait] Uninitialised variable in awt_Font.cpp - S8158734: JEditorPane.createEditorKitForContentType throws NPE after 6882559 - S8159684: (tz) Support tzdata2016f - S8162411: Service Menu services 2 - S8162419: closed/com/oracle/jfr/runtime/TestVMInfoEvent.sh failing after JDK-8155968 - S8162511: 8u111 L10n resource file updates - S8162792: Remove constraint DSA keySize < 1024 from jdk.jar.disabledAlgorithms in jdk8 - S8164452: 8u111 L10n resource file update - msgdrop 20 - S8165816: jarsigner -verify shows jar unsigned if it was signed with a weak algorithm - S8166381: Back out changes to the java.security file to not disable MD5 - S8169448, PR3205: OpenJDK 6 fails to build without pre-compiled headers - S8171415: Remove Java 7 features from testlibrary - S8171954: Add stubs for sun.security.tools.KeyTool and sun.security.tools.JarSigner - S8172159: Remove AATTOverride annotation on interfaces added by b41 updates - S8172252: Remove over-zealous switch to for-each loop in SortingFocusTraversalPolicy * Backports - S6974985, PR3276: Java2Demo threw exceptions when xrender enabled in OEL5.5 - S6985593, PR3276: Crash in Java_sun_java2d_loops_MaskBlit_MaskBlit on oel5.5-x64 * Bug fixes - PR3174: systemtap: type definition \'symbolOopDesc\' not found - PR3175: invalid zip timestamp handling leads to error updating JAR files - PR3213: Disable ARM32 JIT by default - PR3275: Update generated files after OpenJDK 6 b41 update- Modified patch: * openjdk-6-src-b17-no-efect.patch * icedtea6-1.13.11-aarch64.patch -> icedtea6-1.13.13-aarch64.patch - rediff to change in context * Thu Aug 25 2016 fstrbaAATTsuse.com- Updated to 1.13.12 * Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) - S8147771: Construction of static protection domains under Javax custom policy - S8148872, CVE-2016-3500: Complete name checking - S8149962, CVE-2016-3508: Better delineation of XML processing - S8150752: Share Class Data - S8151925: Font reference improvements - S8152479, CVE-2016-3550: Coded byte streams - S8155981, CVE-2016-3606: Bolster bytecode verification * Import of OpenJDK6 b40 - S6496269: Many warnings generated from com/sun/java/util/jar/pack/ *.cpp when compiled on Linux - S6522789: [zh_CN] translation of \"enclosing class\" in doclet is incorrect - S6575373: Error verifying signatures of pack200 files in some cases [TEST ONLY] - S6579775: l10n update after 6212566 - S6600143: Remove another 450 unnecessary casts - S6611629: Avoid hardcoded cygwin paths for memory detection - S6690018: RSAClientKeyExchange NullPointerException - S6712743: pack200: should default to 150.7 pack format for classfiles without any classes. - S6714842: CertPathBuilder returns incorrect CertPath for BasicConstraints in builderParams - S6726309: Compiler warnings in nio code - S6727683: Cleanup use of COMPILER_WARNINGS_FATAL in makefiles - S6755847: (launcher) will trigger assertions in debug build - S6852744: PIT b61: PKI test suite fails because self signed certificates are being rejected - S6858127: Missing -DNDEBUG on Linux and Windows native code compiles - S6864028: Update the java launcher to use the new entry point JVM_FindClassFromBootLoader - S6875904: Java 7 message synchronization 1 - S6882437: CertPath/X509CertPathDiscovery/Test fails on jdk7/pit/b62 - S6888127: java.util.jar.Pack200.Packer Memory Leak - S6888925: SunMSCAPI\'s Cipher can\'t use RSA public keys obtained from other sources. - S6889552: Sun provider should not require LDAP CertStore to be present - S6941936: Broken pipe error of test case DNSIdentities.java [Test only] - S6951599: Rename package of security tools for modularization - S6953295: Move few sun.security.{util, x509, pkcs} classes used by keytool/jarsigner to another package - S6958026: Problem with PKCS12 keystore - S6966737: (pack200) the pack200 regression tests need to be more robust. - S6982312: (pack200) pack200 fails with the jdk7 class files - S6985763: Pack200.Packer.pack(...) and Pack200.Unpacker.unpack(...) throw unspecified exceptions - S6990106: FindBugs scan - Malicious code vulnerability Warnings in com.sun.java.util.jar.pack. * - S6994413: JDK_GetVersionInfo0 only expects a two digit build number - S7000752: Duplicate entry in RowSetResourceBundles.properties - S7001094: Can\'t initialize SunPKCS11 more times than PKCS11 driver maxSessionCount - S7003227: (pack200) intermittent failures compiling pack200 - S7004706: l10n of 7000752 Duplicate entry in RowSetResourceBundles.properties - S7006704: (pack200) add missing file for 6990106 - S7011497: Improve trust anchor searching method during cert path validation - S7017734: jdk7 message drop 1 translation integration - S7023416: (pack200) fix parfait issues - S7029680: fix test/sun/misc/Version/Version.java build parsing - S7038175: Expired PKITS certificates causing CertPathBuilder and CertPathValidator regression test failures - S7050826, PR2956, RH1334465: Hebrew characters are not rendered on OEL 5.6 - S7055363: jdk_security3 test target cleanup - S7060849: Eliminate pack200 build warnings - S7064075: Security libraries don\'t build with javac -Xlint:all,-deprecation -Werror - S7081817: test/sun/security/provider/certpath/X509CertPath/IllegalCertiticates.java failing - S7092825: javax.crypto.Cipher.Transform.patternCache is synchronizedMap and became scalability bottleneck. - S7105780: Add SSLSocket client/SSLEngine server to templates directory - S7107613: scalability blocker in javax.crypto.CryptoPermissions - S7107616: scalability blocker in javax.crypto.JceSecurityManager - S7109274: Restrict the use of certificates with RSA keys less than 1024 bits - S7129083: CookieManager does not store cookies if url is read before setting cookie manager - S7152582: PKCS11 tests should use the NSS libraries available in the OS - S7166955: (pack200) JNI_GetCreatedJavaVMs needs additional checking - S7196855: autotest.sh fails on ubuntu because libsoftokn.so not found - S7200682: TEST_BUG: keytool/autotest.sh still has problems with libsoftokn.so - S8002306: (se) Selector.open fails if invoked with thread interrupt status set [win] - S8009634: TEST_BUG: sun/misc/Version/Version.java handle 2 digit minor in VM version - S8010166: TEST_BUG: fix for 8009634 overlooks possible version strings (sun/misc/Version/Version.java) - S8013228: Create new system properties to control allowable OCSP clock skew and CRL connection timeout - S8019341: Update CookieHttpsClientTest to use the newer framework. - S8022228: Intermittent test failures in sun/security/ssl/javax/net/ssl/NewAPIs - S8022594: Potential deadlock in of sun.nio.ch.Util/IOUtil - S8023546: sun/security/mscapi/ShortRSAKey1024.sh fails intermittently - S8026794: Test tools/pack200/TimeStamp.java fails while opening golden.jar.native.IST on linux-ppc(v2) - S8027026: Change keytool -genkeypair to use -keyalg RSA - S8029177: [Parfait] warnings from b117 for jdk.src.share.native.com.sun.java.util.jar: JNI exception pending - S8029646: [pack200] should support the new zip64 format. - S8036612: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/mscapi/security.cpp - S8037557: test SessionCacheSizeTests.java timeout - S8074839: Resolve disabled warnings for libunpack and the unpack200 binary - S8079410: Hotspot version to share the same update and build version from JDK - S8130735: javax.swing.TimerQueue: timer fires late when another timer starts - S8139436: sun.security.mscapi.KeyStore might load incomplete data - S8140344: add support for 3 digit update release numbers - S8144313: Test SessionTimeOutTests can be timeout - S8145017: Add support for 3 digit hotspot minor version numbers - S8146387: Test SSLSession/SessionCacheSizeTests socket accept timed out - S8146669: Test SessionTimeOutTests fails intermittently - S8146993: Several javax/management/remote/mandatory regression tests fail after JDK-8138811 - S8147857: [TEST] RMIConnector logs attribute names incorrectly - S8151841, PR3099: Build needs additional flags to compile with GCC 6 - S8151876: (tz) Support tzdata2016d - S8161262: Fix jdk build with gcc 4.1.2: -fno-strict-overflow not known. - S8162344: The API changes made by CR 7064075 need to be reverted - S8162818: Sync src/share/native/com/sun/media code with OpenJDK 7 - S8162828: Sync imageioJPEG.c with initial OpenJDK 7 version - S8163022, PR2954: Remove AATTOverride annotation on interfaces added by 2016/04 security fixes - S8164181: Remove AATTOverride annotation on interfaces added by 2016/07 security fixes - S8164426: Normalise whitespace in src/share/classes/com/sun/java/util/jar/pack - S8164554: test/sun/security/provider/certpath/X509CertPath/IllegalCertiticates.java still failing - S8164555: pack200: Leave ZipFile open on exceptions * Backports - S2178143, PR2959: JVM crashes if the number of bound CPUs changed during runtime - S6260348, PR3068: GTK+ L&F JTextComponent not respecting desktop caret blink rate - S6961123, PR2975: setWMClass fails to null-terminate WM_CLASS string * Bug fixes - PR2800: Files are missing from resources.jar - PR2954: ecj/override.patch is missing new AATTOverrides in RMIJRMPServerImpl.java - PR2961: Latest security update broke bundled LCMS2 build - PR2962: System default check doesn\'t match all GNU/Linux systems - PR2969: ENABLE_SYSTEM_LCMS is not defined if ENABLE_LCMS2 is not set - PR3092: SystemTap is heavily confused by multiple JDKs - PR3117: Add tests for Java debug info and source files - PR3129: pax-mark-vm script calls \"exit -1\" which is invalid in dash - PR3130: Avoid giving PAX_COMMAND a value if no PaX utility is available - PR3132: PaX marking fails on filesystems which don\'t support extended attributes - PR3137: GTKLookAndFeel does not honor gtk-alternative-button-order - PR3140: Pass $(CC) and $(CXX) to OpenJDK build - PR3142: Don\'t assume system mime.types supports text/x-java-source - PR3144: Test subdirectory of build tree not emptied Tue 10 May 07:17:51 UTC 2016 - fstrbaAATTsuse.com- Updated to 1.13.11 * Security fixes - S8129952, CVE-2016-0686: Ensure thread consistency - S8132051, CVE-2016-0687: Better byte behavior - S8138593, CVE-2016-0695: Make DSA more fair - S8139008: Better state table management - S8143167, CVE-2016-3425: Better buffering of XML strings - S8144430, CVE-2016-3427: Improve JMX connections - S8146494: Better ligature substitution - S8146498: Better device table adjustments * Import of OpenJDK6 b39 - S4459600: java -jar fails to run Main-Class if classname followed by whitespace. - S6378099: RFE: Use libfontconfig to create/synthesise a fontconfig.properties - S6452854: Provide a flag to print the java configuration - S6742159: (launcher) improve the java launching mechanism - S6752622: java.awt.Font.getPeer throws \"java.lang.InternalError: Not implemented\" on Linux - S6758881: (launcher) needs to throw NoClassDefFoundError instead of JavaRuntimeException - S6856415: Enabling java security manager will make program thrown wrong exception ( main method not found ) - S6892493: potential memory leaks in 2D font code indentified by parfait. - S6925851: Localize JRE into pt_BR (corba) - S6968053: (launcher) hide exceptions under certain launcher failures - S6977738: Deadlock between java.lang.ClassLoader and java.util.Properties - S6981001: (launcher) EnsureJREInstallation is not being called in order - S7017734: jdk7 message drop 1 translation integration - S7026184: (launcher) Regression: class with unicode name can\'t be launched by java. - S7104161: test/sun/tools/jinfo/Basic.sh fails on Ubuntu - S7125442: jar application located in two bytes character named folder cannot be run with JRE 7 u1/u2 - S7127906: (launcher) convert the launcher regression tests to java - S7141141: Add 3 new test scenarios for testing Main-Class attribute in jar manifest file - S7158988: jvm crashes while debugging on x86_32 and x86_64 - S7189944: (launcher) test/tools/launcher/Arrrrghs.java needs a couple of minor fixes - S7193318: C2: remove number of inputs requirement from Node\'s new operator - S8002116: This JdbReadTwiceTest.sh gets an exit 1 - S8004007: test/sun/tools/jinfo/Basic.sh fails on when runSA is set to true - S8023990: Regression: postscript size increase from 6u18 - S8027705: com/sun/jdi/JdbMethodExitTest.sh fails when a background thread is generating events. - S8028537: PPC64: Updated the JDK regression tests to run on AIX - S8036132: Tab characters in test/com/sun/jdi files - S8038963: com/sun/jdi tests fail because cygwin\'s ps sometimes misses processes - S8044419: TEST_BUG: com/sun/jdi/JdbReadTwiceTest.sh fails when run under root - S8059661: Test SoftReference and OOM behavior - S8067364: Printing to Postscript doesn\'t support dieresis - S8072753: Nondeterministic wrong answer on arithmetic - S8073735: [TEST_BUG] compiler/loopopts/CountedLoopProblem.java got OOME - S8074146: [TEST_BUG] jdb has succeded to read an unreadable file - S8075584: test for 8067364 depends on hardwired text advance - S8134297: NPE in GSSNameElement nameType check - S8134650: Xsl transformation gives different results in 8u66 - S8141229: [Parfait] Null pointer dereference in cmsstrcasecmp of cmserr.c - S8143002: [Parfait] JNI exception pending in fontpath.c:1300 - S8146477: [TEST_BUG] ClientJSSEServerJSSE.java failing again - S8146967: [TEST_BUG] javax/security/auth/SubjectDomainCombiner/Optimize.java should use 4-args ProtectionDomain constructor - S8147567: InterpreterRuntime::post_field_access not updated for boolean in JDK-8132051 - S8148446: (tz) Support tzdata2016a - S8148475: Missing SA Bytecode updates. - S8149170: Better byte behavior for native arguments - S8149367: PolicyQualifierInfo/index_Ctor JCk test fails with IOE: Invalid encoding for PolicyQualifierInfo - S8150012: Better byte behavior for reflection - S8150790: 8u75 L10n resource file translation update - S8154210: Zero: Better byte behaviour - S8155261: Zero broken since HS23 update - S8155699: Resolve issues created by backports in OpenJDK 6 b39 - S8155746: Sync Windows export list in make/java/jli/Makefile with make/java/jli/mapfile-vers * Backports - S6863746, PR2951: javap should not scan ct.sym by default - S8071705, PR2820, RH1182694: Java application menu misbehaves when running multiple screen stacked vertically - S8150954, PR2868, RH1176206: AWT Robot not compatible with GNOME Shell * Bug fixes - PR2887: Location of \'stap\' executable is hard-coded - PR2890: OpenJDK should check for system cacerts database (e.g. /etc/pki/java/cacerts) - PR2952: test/tapset/jstaptest.pl requires Perl - PR2953: make dist fails after PR2887 made jstaptest.pl auto-generated- Modified patch: * icedtea6-1.13.7-aarch64.patch -> icedtea6-1.13.11-aarch64.patch - Rediff to the new context * Fri Jan 22 2016 fstrbaAATTsuse.com- Updated to 1.13.10 * Security fixes - S8059054, CVE-2016-0402: Better URL processing - S8130710, CVE-2016-0448: Better attributes processing - S8133962, CVE-2016-0466: More general limits - S8137060: JMX memory management improvements - S8139012: Better font substitutions - S8139017, CVE-2016-0483: More stable image decoding - S8140543, CVE-2016-0494: Arrange font actions - S8143185: Cleanup for handling proxies - S8143941, CVE-2015-8126, CVE-2015-8472: Update splashscreen displays * Import of OpenJDK6 b38 - OJ69: Windows build broken after b37 changes - OJ70: Allow versions of ALSA >= 1.1.0 - S6720721: CRL check with circular depency support needed - S6852744: PIT b61: PKI test suite fails because self signed certificates are being rejected [Tests only] - S7166570: JSSE certificate validation has started to fail for certificate chains - S7167988: PKIX CertPathBuilder in reverse mode doesn\'t work if more than one trust anchor is specified - S7171223: Building ExtensionSubtables.cpp should use - fno-strict-aliasing - S8068761: [TEST_BUG] java/nio/channels/ServerSocketChannel/AdaptServerSocket.java failed with SocketTimeoutException - S8074068: Cleanup in src/share/classes/sun/security/x509/ - S8075773: jps running as root fails after the fix of JDK-8050807 - S8081297: SSL Problem with Tomcat - S8134605: Partial rework of the fix for 8081297 - S8135307: CompletionFailure thrown when calling FieldDoc.type, if the field\'s type is missing - S8138716: (tz) Support tzdata2015g - S8141213: [Parfait]Potentially blocking function GetArrayLength called in JNI critical region at line 239 of jdk/src/share/native/sun/awt/image/jpeg/jpegdecoder.c in function GET_ARRAYS - S8141287: Add MD5 to jdk.certpath.disabledAlgorithms - Take 2 - S8142928: [TEST_BUG] sun/security/provider/certpath/ReverseBuilder/ReverseBuild.java 8u71 failure - S8144955: Wrong changes were pushed with 8143942 - S8145551: Test failed with Crash for Improved font lookups - S8147466: Add -fno-strict-overflow to IndicRearrangementProcessor{,2}.cpp * Backports - S7169111, PR2757: Unreadable menu bar with Ambiance theme in GTK L&F - S8140620, PR2711: Find and load default.sf2 as the default soundbank on Linux * Mon Nov 16 2015 fstrbaAATTsuse.com- Updated to 1.13.9 * Security fixes - S8048030, CVE-2015-4734: Expectations should be consistent - S8068842, CVE-2015-4803: Better JAXP data handling - S8076339, CVE-2015-4903: Better handling of remote object invocation - S8076383, CVE-2015-4835: Better CORBA exception handling - S8076387, CVE-2015-4882: Better CORBA value handling - S8076392, CVE-2015-4881: Improve IIOPInputStream consistency - S8076413, CVE-2015-4883: Better JRMP message handling - S8078427, CVE-2015-4842: More supportive home environment - S8078440: Safer managed types - S8080541: More direct property handling - S8080688, CVE-2015-4860: Service for DGC services - S8081760: Better group dynamics - S8086733, CVE-2015-4893: Improve namespace handling - S8087350: Improve array conversions - S8103671, CVE-2015-4805: More objective stream classes - S8103675: Better Binary searches - S8130078, CVE-2015-4911: Document better processing - S8130193, CVE-2015-4806: Improve HTTP connections - S8130864: Better server identity handling - S8130891, CVE-2015-4843: (bf) More direct buffering - S8131291, CVE-2015-4872: Perfect parameter patterning - S8132042, CVE-2015-4844: Preserve layout presentation * Import of OpenJDK6 b37 - OJ64: Backport hashtable to map changes from jaxp - OJ65: Remove AATTOverride annotation on interfaces added by 2015/10/20 security fixes - OJ66: Revert 7110373 & 7149751 test removals now 6706974 is present (krb5 test infrastructure) - OJ67: Fix copyright headers on imported files - OJ68: Ensure SharedSecrets are initialised - S6570619: (bf) DirectByteBuffer.get/put(byte[]) does not scale well - S6590930: reed/write does not match for ccache - S6648972: KDCReq.init always read padata - S6676075: RegistryContext (com.sun.jndi.url.rmi.rmiURLContext) coding problem - S6682516: SPNEGO_HTTP_AUTH/WWW_KRB and SPNEGO_HTTP_AUTH/WWW_SPNEGO failed on all non-windows platforms - S6710360: export Kerberos session key to applications - S6733095: Failure when SPNEGO request non-Mutual - S6785456: Read Kerberos setting from Windows environment variables - S6821190: more InquireType values for ExtendedGSSContext - S6843127: krb5 should not try to access unavailable kdc too often - S6844193: support max_retries in krb5.conf - S6844907: krb5 etype order should be from strong to weak - S6844909: support allow_weak_crypto in krb5.conf - S6849275: enhance krb5 reg tests - S6853328: Support OK-AS-DELEGATE flag - S6854308: more ktab options - S6856069: PrincipalName.clone() does not invoke super.clone() - S6857795: krb5.conf ignored if system properties on realm and kdc are provided - S6857802: GSS getRemainingInitLifetime method returns milliseconds not seconds - S6858589: more changes to Config on system properties - S6862679: ESC: AD Authentication with user with umlauts fails - S6877357: IPv6 address does not work - S6888701: Change all template java source files to a .java-template file suffix - S6893158: AP_REQ check should use key version number - S6907425: JCK Kerberos tests fail since b77 - S6919610: KeyTabInputStream uses static field for per-instance value - S6932525: Incorrect encryption types of KDC_REQ_BODY of AS-REQ with pre-authentication - S6946669: SSL/Krb5 should not call EncryptedData.reset(data, false) - S6950546: \"ktab -d name etype\" to \"ktab -d name [-e etype] [kvno | all | old]\" - S6951366: kerberos login failure on win2008 with AD set to win2000 compat mode - S6952519: kdc_timeout is not being honoured when using TCP - S6959292: regression: cannot login if session key and preauth does not use the same etype - S6960894: Better AS-REQ creation and processing - S6966259: Make PrincipalName and Realm immutable - S6975866: api/org_ietf/jgss/GSSContext/index.html#wrapUnwrapIOTest started to fail since jdk7 b102 - S6984764: kerberos fails if service side keytab is generated using JDK ktab - S6997740: ktab entry related test compilation error - S7018928: test failure: sun/security/krb5/auto/SSL.java - S7032354: no-addresses should not be used on acceptor side - S7061379: [Kerberos] Cross-realm authentication fails, due to nameType problem - S7142596: RMI JPRT tests are failing - S7157610: NullPointerException occurs when parsing XML doc - S7158329: NPE in sun.security.krb5.Credentials.acquireDefaultCreds() - S7197159: accept different kvno if there no match - S8004317: TestLibrary.getUnusedRandomPort() fails intermittently, but exception not reported - S8005226: java/rmi/transport/pinClientSocketFactory/PinClientSocketFactory.java fails intermittently - S8006534: CLONE - TestLibrary.getUnusedRandomPort() fails intermittently-doesn\'t retry enough times - S8014097: add doPrivileged methods with limited privilege scope - S8021191: Add isAuthorized check to limited doPrivileged methods - S8022213: Intermittent test failures in java/net/URLClassLoader - S8028583: Add helper methods to test libraries - S8028780: JDK KRB5 module throws OutOfMemoryError when CCache is corrupt - S8058608: JVM crash during Kerberos logins using des3-cbc-md5 on OSX - S8064331: JavaSecurityAccess.doIntersectionPrivilege() drops the information about the domain combiner of the stack ACC - S8072932: Test fails with java.security.AccessControlException: access denied (\"java.security.SecurityPermission\" \"getDomainCombiner\") - S8078822: 8068842 fix missed one new file PrimeNumberSequenceGenerator.java - S8079323: Serialization compatibility for Templates: need to exclude Hashtable from serialization - S8087118: Remove missing package from java.security files - S8098547: (tz) Support tzdata2015e - S8130253: ObjectStreamClass.getFields too restrictive - S8133196, RH1251935: HTTPS hostname invalid issue with InetAddress - S8133321: (tz) Support tzdata2015f - S8135043: ObjectStreamClass.getField(String) too restrictive * Backports - S6440786, PR363: Cannot create a ZIP file containing zero entries - S6599383, PR363: Unable to open zip files more than 2GB in size - S6763122, PR363: ZipFile ctor does not throw exception when file is not a zip file - S6929479, PR363: Add a system property sun.zip.disableMemoryMapping to disable mmap use in ZipFile - S7105461, PR2662: Large JTables are not rendered correctly with Xrender pipeline - S7150134, PR2662: JCK api/java_awt/Graphics/index.html#DrawLine fails with OOM for jdk8 with XRender pipeline * Bug fixes - PR2513: Reset success following calls in LayoutManager.cpp- Renamed file: * generate-cleaned-zip.sh -> generate-cleaned.sh - it is not a zip, but a tarball * Tue Aug 18 2015 fstrbaAATTsuse.com- Updated to 1.13.8 * Security fixes - S8043202, CVE-2015-2808: Prohibit RC4 cipher suites - S8067694, CVE-2015-2625: Improved certification checking - S8071715, CVE-2015-4760: Tune font layout engine - S8071731: Better scaling for C1 - S8072490: Better font morphing redux - S8072887: Better font handling improvements - S8073334: Improved font substitutions - S8073773: Presume path preparedness - S8073894: Getting to the root of certificate chains - S8074330: Set font anchors more solidly - S8074335: Substitute for substitution formats - S8074865, CVE-2015-2601: General crypto resilience changes - S8074871: Adjust device table handling - S8075374, CVE-2015-4748: Responding to OCSP responses - S8075378, CVE-2015-4749: JNDI DnsClient Exception Handling - S8075738: Better multi-JVM sharing - S8075838: Method for typing MethodTypes - S8075853, CVE-2015-2621: Proxy for MBean proxies - S8076328, CVE-2015-4000: Enforce key exchange constraints - S8076376, CVE-2015-2628: Enhance IIOP operations - S8076397, CVE-2015-4731: Better MBean connections - S8076401, CVE-2015-2590: Serialize OIS data - S8076405, CVE-2015-4732: Improve serial serialization - S8076409, CVE-2015-4733: Reinforce RMI framework - S8077520, CVE-2015-2632: Morph tables into improved form - PR2488, CVE-2015-4000: Make jdk8 mode the default for jdk.tls.ephemeralDHKeySize * Import of OpenJDK6 b36 - OJ58: Allow OpenJDK to build on PaX-enabled kernels - OJ59: Only apply PaX-marking when needed by a running PaX kernel - OJ60, PR2484: Disable export ciphers by default - OJ61: Remove translation strings for ErrorMsg.JAXP_INVALID_ATTR_VALUE_ERR which doesn\'t exist in OpenJDK 6 - OJ62, PR2552: Restrict key size of RSA certificates to >= 1024 - OJ63: Remove AATTOverride annotation on interfaces added by 2015/07/14 security fixes. - S6787645: CRL validation code should permit some clock skew when checking validity of CRLs - S6996365: Evaluate the priorities of cipher suites - S7185471: Avoid key expansion when AES cipher is re-init w/ the same key - S8007142: Add utility classes for writing better multiprocess tests in jtreg - S8008089: Delete OS dependent check in JdkFinder.getExecutable() - S8024861: Incomplete token triggers GSS-API NullPointerException - S8027058: sun/management/jmxremote/bootstrap/RmiBootstrapTest.sh Failed to initialize connector - S8036786: Update jdk7 testlibrary to match jdk8 - S8042205: javax/management/monitor/ *: some tests didn\'t get all the notifications - S8042982: Unexpected RuntimeExceptions being thrown by SSLEngine - S8043200, PR2485: Decrease the preference mode of RC4 in the enabled cipher suite list - S8043201: Deprecate RC4 in SunJSSE provider - S8046817: JDK 8 schemagen tool does not generate xsd files for enum types - S8048194: GSSContext.acceptSecContext fails when a supported mech is not initiator preferred - S8050158: Introduce system property to maintain RC4 preference order - S8062923: XSL: Run-time internal error in \'substring()\' - S8062924: XSL: wrong answer from substring() function - S8064546: CipherInputStream throws BadPaddingException if stream is not fully read - S8065764: javax/management/monitor/CounterMonitorTest.java hangs - S8066952: [TEST-BUG] javax/management/monitor/CounterMonitorTest.java hangs - S8073357: schema1.xsd has wrong content. Sequence of the enum values has been changed - S8073385: Bad error message on parsing illegal character in XML attribute - S8074098: 2D_Font/Bug8067699 test fails with SIGBUS crash on Solaris Sparc - S8074297: substring in XSLT returns wrong character if string contains supplementary chars - S8075575: com/sun/security/auth/login/ConfigFile/InconsistentError.java failed in certain env. - S8075576: com/sun/security/auth/module/KeyStoreLoginModule/OptionTest.java failed in certain env. - S8075667: (tz) Support tzdata2015b - S8076290: JCK test api/xsl/conf/string/string17 starts failing after JDK-8074297 - S8077685: (tz) Support tzdata2015d - S8078348: sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java fails with BindException - S8078439: SPNEGO auth fails if client proposes MS krb5 OID - S8078666, PR2327: JVM fastdebug build compiled with GCC 5 asserts with \"widen increases\" - S8080318: jdk8u51 l10n resource file translation update - S8081386: Test sun/management/jmxremote/bootstrap/RmiSslBootstrapTest.sh test has RC4 dependencies - S8081775: two lib/testlibrary tests are failing with \"Error. failed to clean up files after test\" with jtreg 4.1 b12 * Backports - S4890063, PR2306, RH1214835: HPROF: default text truncated when using doe=n option - S6562614, PR2555: Compiler warnings for gettimeofday in Inet4/Inet6AddressImpl.c - S6956398, PR2486: make ephemeral DH key match the length of the certificate key - S6989466, PR2555: Miscellaneous compiler warnings in java/lang, java/util, java/io, sun/misc native code - S6991580, PR2309: IPv6 Nameservers in resolv.conf throws NumberFormatException - S6997561, PR2479: A request for better error handling in JNDI - S7007905, PR2298: javazic produces wrong line numbers - S7017176, PR2479: Several JNDI tests are mssing GPL header - S7058708, PR2298: Eliminate JDK build tools build warnings - S7069870, PR2298: Parts of the JDK erroneously rely on generic array initializers with diamond - S7090844, PR2298: Support a timezone whose offset is changed more than once in the future - S7094377, PR2479: Com.sun.jndi.ldap.read.timeout doesn\'t work with ldaps. - S7133138, PR2298: Improve io performance around timezone lookups - S7170638, PR2495: Use DTRACE_PROBE[N] in JNI Set and SetStatic Field. - S8000487, PR2479: Java JNDI connection library on ldap conn is not honoring configured timeout - S8011709, PR2510: [parfait] False positive: memory leak in jdk/src/share/native/sun/font/layout/CanonShaping.cpp - S8023052, PR2510: JVM crash in native layout - S8039921, PR2468: SHA1WithDSA with key > 1024 bits not working - S8041451, PR2480: com.sun.jndi.ldap.Connection:ReadTimeout should abandon ldap request - S8042855, PR2510: [parfait] Potential null pointer dereference in IndicLayoutEngine.cpp - S8042857, PR2479: 14 stuck threads waiting for notification on LDAPRequest - S8065238, PR2479: javax.naming.NamingException after upgrade to JDK 8 - S8074761, PR2469: Empty optional parameters of LDAP query are not interpreted as empty - S8078654, PR2334: CloseTTFontFileFunc callback should be removed - S8081315, PR2406: Avoid giflib interlacing workaround with giflib 5.0.0 on - S8081475, PR2495: SystemTap does not work when JDK is compiled with GCC 5 - S8087120, RH1206656, PR2554: [GCC5] java.lang.StackOverflowError on Zero JVM initialization on non x86 platforms. * Bug fixes - PR2319: Checksum of policy JAR files changes on every build - PR2340: Fail early if there is no native HotSpot JIT & all other options are disabled - PR2342: Update README & INSTALL files - PR2360: Ensure all stamp targets have aliases - PR2391: Make elliptic curve removal optional - PR2460: Policy JAR files should be timestamped with the date of the policy file they hold - PR2481, RH489586, RH1236619: OpenJDK can\'t handle spaces in zone names in /etc/sysconfig/clock - PR2486: JSSE server is still limited to 768-bit DHE - PR2508, G541462: Only apply PaX markings by default on running PaX kernels - PR2556, G390663: Update Gentoo font configuration and allow font directory to be specified - PR2559: generated directory gets confused with generated alias - PR2565: Replace ipv4-mapped-ipv6-addresses.patch with upstream fix 6882910 * CACAO - PR829: Raise javadoc and JAVAC_FLAGS memory limits for CACAO * JamVM - PR2522: Add executable stack markings to callNative.S on JamVM- Removed patches * signed-overflow.patch, signed-overflow-ecj.patch * zero-dummy.patch, zero-dummy-ecj.patch * implicit-fortify-decl.patch, implicit-fortify-decl-ecj.patch - Included within icedtea 1.13.8 * Thu Jun 18 2015 tchvatalAATTsuse.com- Use priority matching to ibm-java, always 5 bigger than it * Tue Jun 16 2015 fstrbaAATTsuse.com- Added patches: * signed-overflow.patch, signed-overflow-ecj.patch - Fix OOM in hotspot when built with gcc5 * zero-dummy.patch, zero-dummy-ecj.patch - Fix crash with gcc5 built ZERO JVM * implicit-fortify-decl.patch, implicit-fortify-decl-ecj.patch - Fix implicit-fortify-decl rpmlint error * Wed Apr 15 2015 fstrbaAATTsuse.com- Update to 1.13.7 * Security fixes - S8059064: Better G1 log caching - S8060461: Fix for JDK-8042609 uncovers additional issue - S8064601, CVE-2015-0480: Improve jar file handling - S8065286: Fewer subtable substitutions - S8065291: Improved font lookups - S8066479: Better certificate chain validation - S8067050: Better font consistency checking - S8067684: Better font substitutions - S8067699, CVE-2015-0469: Better glyph storage - S8068320, CVE-2015-0477: Limit applet requests - S8068720, CVE-2015-0488: Better certificate options checking - S8069198: Upgrade image library - S8071726, CVE-2015-0478: Better RSA optimizations - S8071818: Better vectorization on SPARC - S8071931, CVE-2015-0460: Return of the phantom menace * Import of OpenJDK6 b35 - OJ55: Synchronise whitespace in TimeZoneNames files with OpenJDK 7 versions. - OJ56: Update 3rd party readme and license for LibPNG v 1.6.16 - OJ57: Remove mistakenly added patching fragment - S6672144: HttpURLConnection.getInputStream sends POST request after failed chunked - S6989721: awt native code compiler warnings - S7088287: libpng need to be updated. - S7090424: TestGlyphVectorLayout failed automately with java.lang.StackOverflowError - S7170655: Frame size does not follow font size change with XToolkit - S7176479: G1: JVM crashes on T5-8 system with 1.5 TB heap - S8019623: Lack of synchronization in AppContext.getAppContext() - S8040790: [TEST_BUG] tools/javac/innerClassFile/Driver.sh fails to cleanup files after it - S8043123: Hard crash with access violation exception when blitting to very large image - S8051359: JPopupMenu creation in headless mode with JDK9b23 causes NPE - S8064454: [TEST_BUG] Test tools/javac/innerClassFile/Driver.sh fails for Mac and Linux - S8065072: sun/net/www/http/HttpClient/StreamingRetry.java failed intermittently - S8065709: Deadlock in awt/logging apparently introduced by 8019623 - S8072042: (tz) Support tzdata2015a - S8074662: Update 3rd party readme and license for LibPNG v 1.6.16 - S8075211: [TEST_BUG] Test sun/net/www/http/HttpClient/StreamingRetry.java fails with compilation error * Backports - S6584008, PR2195, RH1173326: jvmtiStringPrimitiveCallback should not be invoked when string value is null - S7199862, PR2198: Make sure that a connection is still alive when retrieved from KeepAliveCache in certain cases - S8074312, PR2255: Enable hotspot builds on Linux 4.x * Bug fixes - PR2197: jhat man page has broken URL - PR2201: Support giflib 5.1.0 - PR2211: DGifCloseFile call should check the return value, not the error code, for failure - PR2226: giflib 5.1 conditional excludes 6.0, 7.0, etc. - PR2294: Auto-generated jconsole.desktop and policytool.desktop should not be included in release tarball- Remove upstreamed patch: * system-giflib51.patch- Remove patch: * icedtea6-1.13.6-aarch64.patch- Replaced by added * icedtea6-1.13.7-aarch64.patch * Mon Jan 26 2015 fstrbaAATTsuse.com- Added patch: * icedtea6-1.13.6-aarch64.patch - restore and rediff a patch that is not yet integrated upstream * Mon Jan 26 2015 fstrbaAATTsuse.com- Update to 1.13.6 * Security fixes - S8046656: Update protocol support - S8047125, CVE-2015-0395: (ref) More phantom object references - S8047130: Fewer escapes from escape analysis - S8048035, CVE-2015-0400: Ensure proper proxy protocols - S8049253: Better GC validation - S8050807, CVE-2015-0383: Better performing performance data handling - S8054367, CVE-2015-0412: More references for endpoints - S8055304, CVE-2015-0407: More boxing for DirectoryComboBoxModel - S8055309, CVE-2015-0408: RMI needs better transportation considerations - S8055479: TLAB stability - S8055489, CVE-2014-6585: Better substitution formats - S8056264, CVE-2014-6587: Multicast support improvements - S8056276, CVE-2014-6591: Fontmanager feature improvements - S8057555, CVE-2014-6593: Less cryptic cipher suite management - S8058982, CVE-2014-6601: Better verification of an exceptional invokespecial - S8059485, CVE-2015-0410: Resolve parsing ambiguity - S8061210, CVE-2014-3566: Issues in TLS * Import of OpenJDK6 b34 - OJ43: Backport JAX_WS-945; Socket backlog may be limiting lwhs performance - OJ44: Add missing TimeZone test cases included in OpenJDK 7 revision 0. - OJ45: Fix copyright headers on imported files - OJ46: Fix lost Classpath exception - OJ47: Remove AATTOverride annotation on interfaces added by 2015/01/20 security fixes. - OJ48: Fix substitution error. - OJ49: Fix placement of 8023956 fix. - OJ50: Fix reference to missing pd_attempt_reserve_memory_at - S4873188: Support TLS 1.1 - S6364329: jstat displays \"invalid argument count\" with usage - S6461635: [TESTBUG] BasicTests.sh test fails intermittently - S6507067: TimeZone country/area message error - S6545422: [TESTBUG] NativeErrors.java uses wrong path name in exec - S6578647: Undefined requesting URL in java.net.Authenticator.getPasswordAuthentication() - S6585666: Spanish language names not compliant with CLDR - S6587676: Krb5LoginModule failure if useTicketCache=true on Vista - S6608572: Currency change for Malta and Cyprus - S6610748: Dateformat - AM-PM indicator in Finnish appears to be from English - S6627549: ISO 3166 code addition: Saint Barthelemy and Saint Martin - S6631048: Problem when writing on output stream of HttpURLConnection - S6641309: Wrong Cookie separator used in HttpURLConnection - S6641312: Fix krb5 codes indentation problems - S6645271: Wrong date format for Croatian (hr) locale - S6646611: Incorrect spelling of month name in locale for Belarusian language (\"be\", \"BY\") - S6647452: Remove obfuscation, framework and provider self-verification checking - S6653795: C2 intrinsic for Unsafe.getAddress performs pointer sign extension on 32-bit systems - S6659779: HttpURLConnections logger should log tunnel requests - S6670362: HTTP/SPNEGO should work across realms - S6716626: Integrate contributed language and country names for NL - S6720866: Slow performance using HttpURLConnection for upload - S6726695: HttpURLConnection shoul support \'Expect: 100-continue\' headers for PUT - S6729881: Compiler warning in networking native code - S6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. - S6776102: sun/util/resources/TimeZone/Bug6317929.java test failed against 6u12b01 and passed against 6u11b03 - S6786276: Locale.getISOCountries() still contains country code \"CS\" - S6792180: Enhance to reject weak algorithms or conform to crypto recommendations - S6811297: Add more logging to HTTP protocol handler - S6822460: support self-issued certificate - S6830658: Changeset 67e5d3e41b5b breaks the fastdebug build in NativeCreds.c - S6835668: Use of /usr/include/linux/ files creates a dependence on kernel-headers - S6855297: Windows build breaks after 6811297 - S6856856: NPE in HTTP protocol handler logging - S6868106: Ukrainian currency has wrong format - S6870908: reopen bug 4244752: month names in Estonian should be lowercase - S6873931: New Turkish currency since 2009 - S6882594: Remove static dependancy on NTLM authentication - S6899503: Security code issue using Verisign root certificate - S6910489: Slovenia Locale, wrong firstDayOfWeek number - S6911104: Tests do not work with CYGWIN: tools, sun/tools, and com/sun/tools - S6914413: abbreviation name for November is not correct in be_BY - S6916787: Ukrainian currency name needs to be fixed - S6919624: minimalDaysInFirstWeek ressource for hungarian is wrong - S6931564: Incorrect display name of Locale for south africa - S6931566: NetworkInterface is not working when interface name is more than 15 characters long - S6938454: 2 new testcases for bug: Unable to determine generic type in program that compiles under Java 6 - S6938454: Unable to determine generic type in program that compiles under Java 6 - S6945604: wrong error message in CardImpl.java - S6962617: Testcase changes, cleanup of problem list for jdk_tools targets - S6964714: NetworkInterface getInetAddresses enumerates IPv6 addresses if java.net.preferIPvStack property set - S6967937: Scope id no longer being set after 6931566 - S6972374: NetworkInterface.getNetworkInterfaces throws \"java.net.SocketException\" on Solaris zone - S6976117: SSLContext.getInstance(\"TLSv1.1\") returns SSLEngines/SSLSockets without TLSv1.1 enabled - S7001720: copyright templates not rebranded - S7019267: Currency Display Names are not localized into pt_BR - S7020583: Some currency names are missing in some locales - S7020960: CurrencyNames_sr_RS.properties is missing - S7022269: clean up fscanf usage in Linux networking native code - S7025837: fix plural currency display names in sr_Latn_(BA|ME|RS).properties - S7028073: The currency symbol for Peru is wrong - S7035555: 4/4 attach/BasicTests.sh needs another tweak for Cygwin - S7036025: java.security.AccessControlException when creating JFileChooser in signed applet - S7036905: [de] dem - the german mark display name is incorrect - S7047033: (smartcardio) Card.disconnect(boolean reset) does not reset when reset is true - S7066203: Update currency data to the latest ISO 4217 standard - S7077119: remove past transition dates from CurrencyData.properties file - S7085757: Currency Data: ISO 4217 Amendment 152 - S7122142, RH1151372: (ann) Race condition between isAnnotationPresent and getAnnotations - S7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites - S7161796, RH1151372: PhaseStringOpts::fetch_static_field tries to fetch field from the Klass instead of the mirror - S7171028: dots are missed in the datetime for Slovanian - S7174244: NPE in Krb5ProxyImpl.getServerKeys() - S7185456: (ann) Optimize Annotation handling in java/sun.reflect. * code for small number of annotations - S7189611: Venezuela current Currency should be Bs.F. - S7195759: ISO 4217 Amendment 154 - S7199066: Typo in method name - S7201205: Add Makefile configuration option to build with unlimited crypto in OpenJDK. - S8005232: (JEP-149) Class Instance size reduction - S8006748: getISO3Country() returns wrong value - S8013836: getFirstDayOfWeek reports wrong day for pt-BR locale - S8015421: NegativeArraySizeException occurs in ChunkedOutputStream() with Integer.MAX_VALUE - S8015570: Use long comparison in Rule.getRules() - S8021121: ISO 4217 Amendment Number 156 - S8021372: NetworkInterface.getNetworkInterfaces() returns duplicate hardware address - S8022721: TEST_BUG: AnnotationTypeDeadlockTest.java throws java.lang.IllegalStateException: unexpected condition - S8023956: Provide a work-around to broken Linux 32 bit \"Exec Shield\" using CS for NX emulation (crashing with SI_KERNEL) - S8025051: Update resource files for TimeZone display names - S8026772: test/sun/util/resources/TimeZone/Bug6317929.java failing - S8027359: XML parser returns incorrect parsing results - S8027370: Support tzdata2013h - S8027695: There should be a space before % sign in Swedish locale - S8028627: Unsynchronized code path from javax.crypto.Cipher to the WeakHashMap used by JceSecurity to store codebase mappings - S8028726: (prefs) Check src/solaris/native/java/util/FileSystemPreferences.c for JNI pending exceptions - S8029153: [TESTBUG] test/compiler/7141637/SpreadNullArg.java fails because it expects NullPointerException - S8029318: Native Windows ccache still reads DES tickets - S8030822: (tz) Support tzdata2013i - S8031046: Native Windows ccache might still get unsupported ticket - S8032788: ImageIcon constructor throws an NPE and hangs when passed a null String parameter - S8032909: XSLT string-length returns incorrect length when string includes complementary chars - S8035613: With active Securitymanager JAXBContext.newInstance fails - S8037012: (tz) Support tzdata2014a - S8038306: (tz) Support tzdata2014b - S8040617: [macosx] Large JTable cell results in a OutOfMemoryException - S8041990: [macosx] Language specific keys does not work in applets when opened outside the browser - S8043012: (tz) Support tzdata2014c - S8046343: (smartcardio) CardTerminal.connect(\'direct\') does not work on MacOSX - S8049250: Need a flag to invert the Card.disconnect(reset) argument - S8049343: (tz) Support tzdata2014g - S8050485: super() in a try block in a ctor causes VerifyError - S8051012: Regression in verifier for method call from inside of a branch - S8051614: smartcardio TCK tests fail due to lack of \'reset\' permission - S8054367: More references for endpoints - S8055222: Currency update needed for ISO 4217 Amendment #159 - S8056211: api/java_awt/Event/InputMethodEvent/serial/index.html#Input[serial2002] failure - S8058715: stability issues when being launched as an embedded JVM via JNI - S8059206: (tz) Support tzdata2014i - S8060474: Resolve more parsing ambiguity - S8061826: Part of JDK-8060474 should be reverted - S8062561: Test bug8055304 fails if file system default directory has read access - S8062807: Exporting RMI objects fails when run under restrictive SecurityManager - S8064560: (tz) Support tzdata2014j * Backports - OJ51, PR2187: Sync patch for 4873188 with 7 version - OJ52, PR2185: Application of 6786276 introduces compatibility issue - OJ53, PR2181: strict-aliasing warnings issued on PPC32 - OJ54, PR2182: 6911104 reintroduces test fragment removed in existing 6964018 backport - S6730740, PR2186: Fix for 6729881 has apparently broken several 64 bit tests: \"Bad address\" - S7031830, PR2183: bad_record_mac failure on TLSv1.2 enabled connection with SSLEngine - S8000897, PR2173, RH1155012: VM crash in CompileBroker - S8020190, PR2174, RH1176718: Fatal: Bug in native code: jfieldID must match object - S8028623, PR2177, RH1168693: SA: hash codes in SymbolTable mismatching java_lang_String::hash_code for extended characters - S8061785, PR2177: [TEST_BUG] serviceability/sa/jmap-hashcode/Test8028623.java has utf8 character corrupted by earlier merge * Bug fixes - PR1831: Drop version requirement for LCMS 2 - PR1832, RH1022017: Report elliptic curves supported by NSS, not the SunEC library - PR2033: patches/ecj/jaxws-getdtdtype.patch no longer applies since removal of JAXWS drop - PR2062: Unset OS before running OpenJDK build - PR2070: Type-punning warnings still evident on RHEL 5 - PR2082: Cast should use same type as GCDrainStackTargetSize (uintx). - PR2096, RH1163501: 2048-bit DH upper bound too small for Fedora infrastructure - PR2125: Synchronise elliptic curves in sun.security.ec.NamedCurve with those listed by NSS - PR2179: Avoid x86 workaround when running Zero rather than a JIT - PR2180: Old autotools dislike $(builddir)/fsg.sh * CACAO - PR2184: CACAO lacks JVM_FindClassFromCaller introduced by security patch in 1.13.6 * JamVM - PR2190: JamVM lacks JVM_FindClassFromCaller introduced by security patch in 1.13.6- Remove upstreamed patches: * icedtea6-1.13.5-aarch64.patch * icedtea6-1.13.5-bootstrap.patch * icedtea6-1.13.5-s390.patch * Tue Nov 18 2014 fstrbaAATTsuse.com- Do not package the timezone data, since we are using the one from timezone-info package- Clean-up some dependencies- Use the jredir macro instead of %sdkdir/jre * Sun Nov 16 2014 fstrbaAATTsuse.com- Build the javadoc package as noarch, since it installed in architecture independent place * Fri Nov 14 2014 fstrbaAATTsuse.com- Disable building of documentation for aarch64 * It takes more then 8 hours without output and OBS kills the build as stuck * Tue Nov 11 2014 fstrbaAATTsuse.com- Add one more cast for s390\'s MIN2 template. * Thu Nov 06 2014 fstrbaAATTsuse.com- Don\'t build pulseaudio integration during bootstrap build. * Fri Oct 17 2014 fstrbaAATTsuse.com- Remove java-access-bridge sources * Split accessibility package and use java-atk-wrapper instead of java-access-bridge (like the other java packages in this repository- Removed patches: java-1.6.0-openjdk-java-access-bridge-idlj.patch and java-1.6.0-openjdk-java-access-bridge-tck.patch * Unneeded, since they were patching the java-access-bridge * Thu Oct 16 2014 fstrbaAATTsuse.com- Build in bootstrap mode with --enable-bootstrap-tools * Thu Oct 16 2014 fstrbaAATTsuse.com- Add patch: missing-includes-ecj.patch * fix implicit-fortify-decl for ecj boostrap build * Wed Oct 15 2014 fstrbaAATTsuse.com- Update to 1.13.5 * Security fixes - S8015256: Better class accessibility - S8022783, CVE-2014-6504: Optimize C2 optimizations - S8035162: Service printing service - S8035781: Improve equality for annotations - S8036805: Correct linker method lookup. - S8036810: Correct linker field lookup - S8037066, CVE-2014-6457: Secure transport layer - S8037846, CVE-2014-6558: Ensure streaming of input cipher streams - S8038899: Safer safepoints - S8038903: More native monitor monitoring - S8038908: Make Signature more robust - S8038913: Bolster XML support - S8039509, CVE-2014-6512: Wrap sockets more thoroughly - S8039533, CVE-2014-6517: Higher resolution resolvers - S8041540, CVE-2014-6511: Better use of pages in font processing - S8041545: Better validation of generated rasters - S8041564, CVE-2014-6506: Improved management of logger resources - S8041717, CVE-2014-6519: Issue with class file parser - S8042609, CVE-2014-6513: Limit splashiness of splash images - S8042797, CVE-2014-6502: Avoid strawberries in LogRecord - S8044274, CVE-2014-6531: Proper property processing * Import of OpenJDK6 b33 - OJ37: OpenJDK6-b32 cannot be built on Windows - OJ39: Handle fonts with the non-canonical processing flag set - OJ41: OpenJDK6 should be compatible with Windows SDK 7.1 - OJ42: Remove AATTOverride annotation on interfaces added by 2014/10/14 security fixes. - S6967684: httpserver using a non thread-safe SimpleDateFormat - S7033534: Two tests fail just against jdk7 b136 - S7160837: DigestOutputStream does not turn off digest calculation when \"close()\" is called - S7172149: ArrayIndexOutOfBoundsException from Signature.verify - S8010213: Some api/javax_net/SocketFactory tests fail in 7u25 nightly build - S8012637: Adjust CipherInputStream class to work in AEAD/GCM mode - S8028192: Use of PKCS11-NSS provider in FIPS mode broken - S8038000: java.awt.image.RasterFormatException: Incorrect scanline stride - S8039396: NPE when writing a class descriptor object to a custom ObjectOutputStream - S8042603: \'SafepointPollOffset\' was not declared in static member function \'static bool Arguments::check_vm_args_consistency()\' - S8042850: Extra unused entries in ICU ScriptCodes enum - S8052162: REGRESSION: sun/java2d/cmm/ColorConvertOp tests fail since 7u71 b01 - S8053963: (dc) Use DatagramChannel.receive() instead of read() in connect() * Backports - S4963723: Implement SHA-224 - S6578658: Request for raw RSA (NONEwithRSA) Signature support in SunMSCAPI - S6753664: Support SHA256 (and higher) in SunMSCAPI - S7033170: Cipher.getMaxAllowedKeyLength(String) throws NoSuchAlgorithmException - S7044060: Need to support NSA Suite B Cryptography algorithms - S7106773: 512 bits RSA key cannot work with SHA384 and SHA512 - S7180907: Jarsigner -verify fails if rsa file used sha-256 with authenticated attributes - S8006935: Need to take care of long secret keys in HMAC/PRF compuation - S8017173, PR1688: XMLCipher with RSA_OAEP Key Transport algorithm can\'t be instantiated - S8049480: Current versions of Java can\'t verify jars signed and timestamped with Java 9 * Bug fixes - PR1904: [REGRESSION] Bug reports now lack IcedTea version & distribution packaging information - PR1967: Move to new OpenJDK bug URL format- Do not use \"fedora\" suffix for the cleaned tarball, use \"cleaned\" instead. * rename the cleaner script accordingly * use extreme compression in the cleaner script- Added patch: icedtea6-1.13.5-bootstrap.patch * fix bootstrap build * Mon Jul 28 2014 tchvatalAATTsuse.com- Rename the fontconfig file to SUSE not SuSE. bnc#889006. * Fri Jul 25 2014 fstrbaAATTsuse.com- Removed openjdk-6-src-b17-no-return-in-nonvoid-function-ppc.patch- Added openjdk-6-src-b32-no-return-in-nonvoid-function-ppc.patch * need to rediff- Run spec-cleaner on the package and remove spec file parts that are not relevant to SUSE distributions * Wed Jul 16 2014 fstrbaAATTsuse.com- Update to 1.13.4 * Security fixes - S8029755, CVE-2014-4209: Enhance subject class - S8030763: Validate global memory allocation - S8031346, CVE-2014-4244: Enhance RSA key handling - S8031540: Introduce document horizon - S8032536: JVM resolves wrong method in some unusual cases - S8033055: Issues in 2d - S8033301, CVE-2014-4266: Build more informative InfoBuilder - S8034267: Probabilistic native crash - S8034272: Do not cram data into CRAM arrays - S8035004, CVE-2014-4252: Provider provides less service - S8035009, CVE-2014-4218: Make Proxy representations consistent - S8035119, CVE-2014-4219: Fix exceptions to bytecode verification - S8035699, CVE-2014-4268: File choosers should be choosier - S8036571: (process) Process process arguments carefully - S8036800: Attribute OOM to correct part of code - S8037046: Validate libraries to be loaded - S8037157: Verify call - S8037076, CVE-2014-2490: Check constant pool constants - S8037162, CVE-2014-4263: More robust DH exchanges - S8037167, CVE-2014-4216: Better method signature resolution - S8039520, CVE-2014-4262: More atomicity of atomic updates * Import of OpenJDK6 b32 - OP32: OpenJDK6-b31 isn\'t compatible with Windows platform - OJ33: Update copyright headers introduced by the fix for OPENJDK6-32 - OJ34: OpenJDK6-b31 backport of JDK-6638712 to openjdk6 - OJ35: backport of JDK-6650759 to openjdk6 - OJ36: Fix a mistake in backport of 8035119 - S8013611: Modal dialog fails to obtain keyboard focus - S8013836: getFirstDayOfWeek reports wrong day for pt-BR locale - S8028111: XML readers share the same entity expansion counter - S8028285: RMI Thread can no longer call out to AWT - S8029038: Revise fix for XML readers share the same entity expansion counter - S8042582: Test java/awt/KeyboardFocusmanager/ChangeKFMTest/ChangeKFMTest.html fails on Windows x64 - S8042590: Running form URL throws NPE - S8042789: org.omg.CORBA.ORBSingletonClass loading no longer uses context class loader * Backports - S7027300, RH1098399: Unsynchronized HashMap access causes endless loop - S7183251: Netbeans editor renders text wrong on JDK 7u6 build * Fri Jul 11 2014 fstrbaAATTsuse.com- update to 1.13.3 * Many security fixes- bootstrap build for suse_version >= 1310 * Wed Nov 27 2013 mvyskocilAATTsuse.com- update to 1.12.7 (bnc#852367) * Security fixes - S8006900, CVE-2013-3829: Add new date/time capability - S8008589: Better MBean permission validation - S8011071, CVE-2013-5780: Better crypto provider handling - S8011081, CVE-2013-5772: Improve jhat - S8011157, CVE-2013-5814: Improve CORBA portablility - S8012071, CVE-2013-5790: Better Building of Beans - S8012147: Improve tool support - S8012277: CVE-2013-5849: Improve AWT DataFlavor - S8012425, CVE-2013-5802: Transform TransformerFactory - S8013503, CVE-2013-5851: Improve stream factories - S8013506: Better Pack200 data handling - S8013510, CVE-2013-5809: Augment image writing code - S8013514: Improve stability of cmap class - S8013739, CVE-2013-5817: Better LDAP resource management - S8013744, CVE-2013-5783: Better tabling for AWT - S8014085: Better serialization support in JMX classes - S8014093, CVE-2013-5782: Improve parsing of images - S8014102, CVE-2013-5778: Improve image conversion - S8014341, CVE-2013-5803: Better service from Kerberos servers - S8014349, CVE-2013-5840: (cl) Class.getDeclaredClass problematic in some class loader configurations - S8014530, CVE-2013-5825: Better digital signature processing - S8014534: Better profiling support - S8014987, CVE-2013-5842: Augment serialization handling - S8015614: Update build settings - S8015731: Subject java.security.auth.subject to improvements - S8015743, CVE-2013-5774: Address internet addresses - S8016256: Make finalization final - S8016653, CVE-2013-5804: javadoc should ignore ignoreable characters in names - S8016675, CVE-2013-5797: Make Javadoc pages more robust - S8017196, CVE-2013-5850: Ensure Proxies are handled appropriately - S8017287, CVE-2013-5829: Better resource disposal - S8017291, CVE-2013-5830: Cast Proxies Aside - S8017298, CVE-2013-4002: Better XML support - S8017300, CVE-2013-5784: Improve Interface Implementation - S8017505, CVE-2013-5820: Better Client Service - S8019292: Better Attribute Value Exceptions - S8019617: Better view of objects - S8020293: JVM crash - S8021290, CVE-2013-5823: Better signature validation - S8022940: Enhance CORBA translations - S8023683: Enhance class file parsing * Backports - S4075303: Use javap to enquire about a specific inner class - S4111861: static final field contents are not displayed - S4348375: Javap is not internationalized - S4459541: \"javap -l\" shows line numbers as signed short; they should be unsigned - S4501660: change diagnostic of -help as \'print this help message and exit\' - S4501661: disallow mixing -public, -private, and -protected options at the same time - S4776241: unused source file in javap... - S4870651: javap should recognize generics, varargs, enum - S4876942: javap invoked without args does not print help screen - S4880663: javap could output whitespace between class name and opening brace - S4884240: additional option required for javap - S4893408: JPEGReader throws IllegalArgException when setting the destination to BYTE_GRAY - S4975569: javap doesn\'t print new flag bits - S6271787: javap dumps LocalVariableTypeTable attribute in hex, needs to print a table - S6305779: javap: support annotations - S6439940: Clean up javap implementation - S6469569: wrong check of searchpath in JavapEnvironment - S6474890: javap does not open .zip files in -classpath - S6563752: Build and test JDK7 with Sun Studio 12 Express compilers (prep makefiles) - S6587786: Javap throws error : \"ERROR:Could not find \" for JRE classes - S6622215: javap ignores certain relevant access flags - S6622216: javap names some attributes incorrectly - S6622232: javap gets whitespace confused - S6622260: javap prints negative bytes incorrectly in hex - S6631559: Registration of ImageIO plugins should not cause loading of jpeg.dlli and cmm.dll - S6636331: ConcurrentModificationException in AppContext code - S6636370: minor corrections and simplification of code in AppContext - S6708729: update jdk Makefiles for new javap - S6715767: javap on java.lang.ClassLoader crashes - S6729772: 64-bit build with SS12 compiler: SIGSEGV (0xb) at pc=0x0000000000000048, pid=14826, tid=2 - S6791502: IIOException \"Invalid icc profile\" on jpeg after update from JDK5 to JDK6 - S6793818: JpegImageReader is too greedy creating color profiles - S6799141: Build with --hash-style=both so that binaries can work on SuSE 10 - S6816311: Changes to allow builds with latest Windows SDK 6.1 on 64bit Windows 2003 - S6819246: improve support for decoding instructions in classfile library - S6824493: experimental support for additional info for instructions - S6840152: JVM crashes when heavyweight monitors are used - S6841419: classfile: add constant pool iterator - S6841420: classfile: add new methods to ConstantClassInfo - S6843013: missing files in fix for 6824493 - S6852856: javap changes to facilitate subclassing javap for variants - S6867671: javap whitespace formatting issues - S6868539: javap should use current names for constant pool tags - S6888215: memory leak in jpeg plugin - S6902264: fix indentation of tableswitch and lookupswitch - S6925851: Localize JRE into pt_BR - S6954275: XML signatures with reference data larger 16KB and cacheRef on fails to validate - S6974017: Upgrade required Solaris Studio compilers to 5.10 (12 update 1 + patches) - S6980281: SWAT: SwingSet2 got core dumped in Solaris-AMD64 using b107 swat build - S6989760: cmm native compiler warnings - S6989774: imageio compiler warnings in native code - S7000225: Sanity check on sane-alsa-headers is broken - S7013519: [parfait] Integer overflows in 2D code - S7018912: [parfait] potential buffer overruns in imageio jpeg - S7022999: Can\'t build with FORCE_TIERED=0 - S7035073: Add missing timezones to TimeZoneNames_pt_BR.java - S7038711: Fix CC_VER checks for compiler options, fix use of -Wno-clobber - S7146431: java.security files out-of-sync - S7196533: TimeZone.getDefault() slow due to synchronization bottleneck - S8000450: Restrict access to com/sun/corba/se/impl package - S8002070: Remove the stack search for a resource bundle for Logger to use - S8003992: File and other classes in java.io do not handle embedded nulls properly - S8004188: Rename src/share/lib/security/java.security to java.security-linux - S8005194: [parfait] #353 sun/awt/image/jpeg/imageioJPEG.c Memory leak of pointer \'scale\' allocated with calloc() - S8006882: Proxy generated classes in sun.proxy package breaks JMockit - S8010118: Annotate jdk caller sensitive methods with AATTsun.reflect.CallerSensitive - S8010727: WLS fails to add a logger with \"\" in its own LogManager subclass instance - S8010939: Deadlock in LogManager - S8011139: (reflect) Revise checking in getEnclosingClass - S8011950: java.io.File.createTempFile enters infinite loop when passed invalid data - S8011990: TEST_BUG: java/util/logging/bundlesearch/ResourceBundleSearchTest.java fails on Windows - S8012243: about 30% regression on specjvm2008.serial on 7u25 comparing 7u21 - S8012453: (process) Runtime.exec(String) fails if command contains spaces [win] - S8012617: ArrayIndexOutOfBoundsException with some fonts using LineBreakMeasurer - S8013380: Removal of stack walk to find resource bundle breaks Glassfish startup - S8013827: File.createTempFile hangs with temp file starting with \'com1.4\' - S8014469: (tz) Support tzdata2013c - S8014718: Netbeans IDE begins to throw a lot exceptions since 7u25 b10 - S8014745: Provide a switch to allow stack walk search of resource bundle - S8015144: Performance regression in ICU OpenType Layout library - S8015965: (process) Typo in name of property to allow ambiguous commands - S8015978: Incorrect transformation of XPath expression \"string(-0)\" - S8016357: Update hotspot diagnostic class - S8017566: Backout 8000450 - Cannot access to com.sun.corba.se.impl.orb.ORBImpl - S8019584: javax/management/remote/mandatory/loading/MissingClassTest.java failed in nightly against jdk7u45: java.io.InvalidObjectException: Invalid notification: null - S8019969: nioNetworkChannelInet6/SetOptionGetOptionTestInet6 test case crashes - S8019979: Replace CheckPackageAccess test with better one from closed repo - S8020054: (tz) Support tzdata2013d - S8020983, RH976897: OutOfMemoryError caused by non garbage collected JPEGImageWriter Instances - S8021355: REGRESSION: Five closed/java/awt/SplashScreen tests fail since 7u45 b01 on Linux, Solaris - S8021366: java_util/Properties/PropertiesWithOtherEncodings fails during 7u45 nightly testing - S8021577: JCK test api/javax_management/jmx_serial/modelmbean/ModelMBeanNotificationInfo/serial/index.html#Input has failed since jdk 7u45 b01 - S8021933: Add extra check for fix # JDK-8014530 - S8021969: The index_AccessAllowed jnlp can not load successfully with exception thrown in the log. - S8022661: InetAddress.writeObject() performs flush() on object output stream - S8022682: Supporting XOM - S8023964: java/io/IOException/LastErrorString.java should be AATTignore-d - S8024914: Swapped usage of idx_t and bm_word_t types in bitMap.inline.hpp - S8025128: File.createTempFile fails if prefix is absolute path - S8025255: (tz) Support tzdata2013g - OJ19: Fix test cases from 8010118 to work with OpenJDK 6 - OJ20: Resolve merge issues with JAXP security fixes - OJ21: Remove AATTOverride annotation added on interface by 2013/10/15 security fixes * Bug fixes - PR1188: ASM Interpreter and Thumb2 JIT javac miscompile modulo reminder on armel. - RH995488: Java thinks that the default timezone is Busingen instead of Zurich - D729448: 32-bit alignment on mips and mipsel * refreshed: java-1.6.0-openjdk-java-access-bridge-security.patch * Wed Aug 21 2013 mvyskocilAATTsuse.com- remove jpackage-utils from Requires to BuildRequires * they were obsoleted by javapackages-tools, which require python, lua et all * Tue Jul 16 2013 mvyskocilAATTsuse.com- update to 1.12.6 (bnc#829708) * Security fixes - S6741606, CVE-2013-2407: Integrate Apache Santuario - S7158805, CVE-2013-2445: Better rewriting of nested subroutine calls - S7170730, CVE-2013-2451: Improve Windows network stack support. - S8000638, CVE-2013-2450: Improve deserialization - S8000642, CVE-2013-2446: Better handling of objects for transportation - S8001032: Restrict object access - S8001033, CVE-2013-2452: Refactor network address handling in virtual machine identifiers - S8001034, CVE-2013-1500: Memory management improvements - S8001038, CVE-2013-2444: Resourcefully handle resources - S8001043: Clarify definition restrictions - S8001309: Better handling of annotation interfaces - S8001318, CVE-2013-2447: Socket.getLocalAddress not consistent with InetAddress.getLocalHost - S8001330, CVE-2013-2443: Improve on checking order - S8003703, CVE-2013-2412: Update RMI connection dialog box - S8004584: Augment applet contextualization - S8005007: Better glyph processing - S8006328, CVE-2013-2448: Improve robustness of sound classes - S8006611: Improve scripting - S8007467: Improve robustness of JMX internal APIs - S8007471: Improve MBean notifications - S8007812, CVE-2013-2455: (reflect) Class.getEnclosingMethod problematic for some classes - S8008120, CVE-2013-2457: Improve JMX class checking - S8008124, CVE-2013-2453: Better compliance testing - S8008128: Better API coherence for JMX - S8008132, CVE-2013-2456: Better serialization support - S8008585: Better JMX data handling - S8008593: Better URLClassLoader resource management - S8008603: Improve provision of JMX providers - S8008611: Better handling of annotations in JMX - S8008615: Improve robustness of JMX internal APIs - S8008623: Better handling of MBeanServers - S8008744, CVE-2013-2407: Rework part of fix for JDK-6741606 - S8008982: Adjust JMX for underlying interface changes - S8009004: Better implementation of RMI connections - S8009013: Better handling of T2K glyphs - S8009034: Improve resulting notifications in JMX - S8009038: Improve JMX notification support - S8009067: Improve storing keys in KeyStore - S8009071, CVE-2013-2459: Improve shape handling - S8009235: Improve handling of TSA data - S8011243, CVE-2013-2470: Improve ImagingLib - S8011248, CVE-2013-2471: Better Component Rasters - S8011253, CVE-2013-2472: Better Short Component Rasters - S8011257, CVE-2013-2473: Better Byte Component Rasters - S8012375, CVE-2013-1571: Improve Javadoc framing - S8012421: Better positioning of PairPositioning - S8012438, CVE-2013-2463: Better image validation - S8012597, CVE-2013-2465: Better image channel verification - S8012601, CVE-2013-2469: Better validation of image layouts - S8014281, CVE-2013-2461: Better checking of XML signature - S8015997: Additional improvement in Javadoc framing * Backports - S6469266: Integrate Apache XMLSec 1.4.2 into JDK 7 - S6541350: TimeZone display names localization - S6656651: Windows Look and Feel LCD glyph images have some differences from native applications. - S6786028: Javadoc HTML WCAG 2.0 accessibility issues in standard doclet - Bold tags should be strong - S6786682: Javadoc HTML WCAG 2.0 accessibility issues in standard doclet - HTML tag should have lang attribute - S6786688: Javadoc HTML WCAG 2.0 accessibility issues in standard doclet - Table must have captions and headers - S6786690: Javadoc HTML WCAG 2.0 accessibility issues in standard doclet - DL tag and nesting issue - S6802694: Javadoc doclet does not display deprecated information with -nocomment option for serialized form - S6821191: Timezone display name localization - S6851834: Javadoc doclet needs a structured approach to generate the output HTML. - S6888167: memory leaks in the medialib glue code - S6961178: Allow doclet.xml to contain XML attributes - S6977550: (tz) Support tzdata2010l - S6996686: (tz) Support tzdata2010o - S7006270: Several javadoc regression tests are failing on windows - S7017800: (tz) Support tzdata2011b - S7027387: (tz) Support tzdata2011d - S7033174: (tz) Support tzdata2011e - S7039469: (tz) Support tzdata2011g - S7090843: (tz) Support tzdata2011j - S7103108: (tz) Support tzdata2011l - S7103405: Correct display names for Pacific/Apia timezone - S7104126: Insert openjdk copyright header back into TZdata files - S7158483: (tz) Support tzdata2012c - S7171223: Building ExtensionSubtables.cpp should use -fno-strict-aliasing - S7198570: (tz) Support tzdata2012f - S7195301: XML Signature DOM implementation should not use instanceof to determine type of Node - S8002225: (tz) Support tzdata2012i - S8009165: Fix for 8006435 needs revision - S8009217: REGRESSION: test com/sun/org/apache/xml/internal/security/transforms/ClassLoaderTest.java fails to compile since 7u21b03 - S8009530: ICU Kern table support broken - S8009610: Blacklist certificate used with malware. - S8009987: (tz) Support tzdata2013b - S8009996: tests javax/management/mxbean/MiscTest.java and javax/management/mxbean/StandardMBeanOverrideTest.java fail - S8010714: XML DSig API allows a RetrievalMethod to reference another RetrievalMethod - S8010727: WLS fails to add a logger with \"\" in its own LogManager subclass instance - S8010939: Deadlock in LogManager - S8011154: java/awt/Frame/ShapeNotSetSometimes/ShapeNotSetSometimes.java failed since 7u25b03 on windows - S8011557: Improve reflection utility classes - S8011992: java/awt/image/mlib/MlibOpsTest.java failed since jdk7u25b05 - S8012112: java/awt/image/mlib/MlibOpsTest.java fails on sparc solaris - S8012617: ArrayIndexOutOfBoundsException with some fonts using LineBreakMeasurer - S8012933: Test closed/java/awt/Dialog/DialogAnotherThread/JaWSTest.java fails since jdk 7u25 b07 - S8013196: TimeZone.getDefault() throws NPE due to sun.awt.AppContext.getAppContext() - S8014427: REGRESSION: closed/javax/imageio/plugins/bmp/Write3ByteBgrTest.java fails since 7u25 b09 - S8014718: Netbeans IDE begins to throw a lot exceptions since 7u25 b10 * Thu Apr 25 2013 mvyskocilAATTsuse.com- update to 1.12.5 (bnc#817157) * Security fixes - S6657673, CVE-2013-1518: Issues with JAXP - S7200507: Refactor Introspector internals - S8000724, CVE-2013-2417: Improve networking serialization - S8001031, CVE-2013-2419: Better font processing - S8001040, CVE-2013-1537: Rework RMI model - S8001322: Refactor deserialization - S8001329, CVE-2013-1557: Augment RMI logging - S8003335: Better handling of Finalizer thread - S8003445: Adjust JAX-WS to focus on API - S8003543, CVE-2013-2415: Improve processing of MTOM attachments - S8004261: Improve input validation - S8004336, CVE-2013-2431: Better handling of method handle intrinsic frames - S8004986, CVE-2013-2383: Better handling of glyph table - S8004987, CVE-2013-2384: Improve font layout - S8004994, CVE-2013-1569: Improve checking of glyph table - S8005432: Update access to JAX-WS - S8005943: (process) Improved Runtime.exec - S8006309: More reliable control panel operation - S8006435, CVE-2013-2424: Improvements in JMX - S8006790: Improve checking for windows - S8006795: Improve font warning messages - S8007406: Improve accessibility of AccessBridge - S8007617, CVE-2013-2420: Better validation of images - S8007667, CVE-2013-2430: Better image reading - S8007918, CVE-2013-2429: Better image writing - S8009063, CVE-2013-2426: Improve reliability of ConcurrentHashMap - S8009305, CVE-2013-0401: Improve AWT data transfer - S8009699, CVE-2013-2421: Methodhandle lookup - S8009814, CVE-2013-1488: Better driver management - S8009857, CVE-2013-2422: Problem with plugin - RH952389: Temporary files created with insecure permissions * Backports - S7197906: BlockOffsetArray::power_to_cards_back() needs to handle > 32 bit shifts - S7036559: ConcurrentHashMap footprint and contention improvements - S5102804: Memory leak in Introspector.getBeanInfo(Class) for custom BeanInfo: Class param (with WeakCache from S6397609) - S6501644: sync LayoutEngine *code * structure to match ICU - S6886358: layout code update - S6963811: Deadlock-prone locking changes in Introspector - S7017324: Kerning crash in JDK 7 since ICU layout update - S7064279: Introspector.getBeanInfo() should release some resources in timely manner - S8004302: javax/xml/soap/Test7013971.java fails since jdk6u39b01 - S7133220: Additional patches to JAXP 1.4.5 update 1 for 7u4 (partial for S6657673) - S8009530: ICU Kern table support broken * Bug fixes - OJ3: Fix get_stack_bounds memory leak (alternate fix for S7197906) - PR1362: Fedora 19 / rawhide FTBFS SIGILL - PR1338: Remove dependence on libXp - PR1339: Simplify the rhino class rewriter to avoid use of concurrency - PR1336: Bootstrap failure on Fedora 17/18 - PR1319: Correct #ifdef to #if - PR1402: Support glibc < 2.17 with AArch64 patch - Give xalan/xerces access to their own internal packages. * New features - JAXP, JAXWS & JAF supplied as patches rather than drops to aid subsequent patching. - PR1380: Add AArch64 support to Zero * Tue Mar 05 2013 mvyskocilAATTsuse.com- update to 1.12.4 (bnc#807487) - S8007014, CVE-2013-0809: Improve image handling - S8007675, CVE-2013-1493: Improve color conversion * Wed Feb 20 2013 mvyskocilAATTsuse.com- update to 1.12.3 (bnc#804654) * Security fixes - S8006446: Restrict MBeanServer access (CVE-2013-1486) - S8006777: Improve TLS handling of invalid messages Lucky 13 (CVE-2013-0169) - S8007688: Blacklist known bad certificate (issued by DigiCert) * Backports - S8007393: Possible race condition after JDK-6664509 - S8007611: logging behavior in applet changed * Bug fixes - PR1319: Support GIF lib v5. * Tue Feb 12 2013 mvyskocilAATTsuse.com- update to 1.12.2 (bnc#801972) * Backports - S8004341: Two JCK tests fails with 7u11 b06 - S8005615: Java Logger fails to load tomcat logger implementation (JULI) * Bug fixes - PR1297: cacao and jamvm parallel unpack failures - PR1301: PR1171 causes builds of Zero to fail- openjdk-7-src-b147-awt-crasher.patch (bnc#792951) * Tue Feb 05 2013 mvyskocilAATTsuse.com- update to 1.12.1 (bnc#801972) * Security fixes (on top of 1.12.0) - S6563318, CVE-2013-0424: RMI data sanitization - S6664509, CVE-2013-0425: Add logging context - S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time - S6776941: CVE-2013-0427: Improve thread pool shutdown - S7141694, CVE-2013-0429: Improving CORBA internals - S7173145: Improve in-memory representation of splashscreens - S7186945: Unpack200 improvement - S7186946: Refine unpacker resource usage - S7186948: Improve Swing data validation - S7186952, CVE-2013-0432: Improve clipboard access - S7186954: Improve connection performance - S7186957: Improve Pack200 data validation - S7192392, CVE-2013-0443: Better validation of client keys - S7192393, CVE-2013-0440: Better Checking of order of TLS Messages - S7192977, CVE-2013-0442: Issue in toolkit thread - S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective proxies - S7200491: Tighten up JTable layout code - S7200500: Launcher better input validation - S7201064: Better dialogue checking - S7201066, CVE-2013-0441: Change modifiers on unused fields - S7201068, CVE-2013-0435: Better handling of UI elements - S7201070: Serialization to conform to protocol - S7201071, CVE-2013-0433: InetSocketAddress serialization issue - S8000210: Improve JarFile code quality - S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class - S8000540, CVE-2013-1475: Improve IIOP type reuse management - S8000631, CVE-2013-1476: Restrict access to class constructor - S8001235, CVE-2013-0434: Improve JAXP HTTP handling - S8001242: Improve RMI HTTP conformance - S8001307: Modify ACC_SUPER behavior - S8001972, CVE-2013-1478: Improve image processing - S8002325, CVE-2013-1480: Improve management of images * Mon Feb 04 2013 mvyskocilAATTsuse.com- update to 1.12.0 * Import of OpenJDK6 b27 (all changes already in security updates) * Import of OpenJDK6 b26 - S7071826: Avoid benign race condition in initialization of UUID - S7123896: Unexpected behavior due to Solaris using separate IPv4 and IPv6 port spaces - S7142509: Cipher.doFinal(ByteBuffer,ByteBuffer) fails to process when in.remaining() == 0 - S7157903: JSSE client sockets are very slow - S7174440: JDK6-open build breakage - S7175845: JSSE client sockets are very slow - S7176477: TEST: Remove testcase test/java/lang/SecurityManager/CheckPackageDefinition.java from jdk6-open - S7184700: Backout changes with wrong id for 7157903 - S7199153: TEST_BUG: try-with-resources syntax pushed to 6-open repo * Import of OpenJDK6 b25 - S6790292: BOOTDIR of jdk6 u12 will not work with jdk7 builds - S6967036: Need to fix links with // in Javadoc comments - S7007299: FileFontStrike appears not to be threadsafe - S7022473: JDK7 still runs /etc/prtconf to find memory size - S7058133: Javah should use the freshly built classes instead of those from the BOOTDIR jdk - S7107919: Remove hotspot assertion due to Solaris 8 kstat \"unimplemented\". - S7123519: problems with certification path - S7126889: Incorrect SSLEngine debug output - S7127104: Build issue with prtconf and zones, also using := to avoid extra execs - S7128474: Update source copyright years - S7128505: Building on em64t system does not work - S7149751: another krb5 test in openjdk6 without test infrastructure * Backports - S6706974: Add krb5 test infrastructure - S6764553: com.sun.org.apache.xml.internal.security.utils.IdResolver is not thread safe - S6761072: new krb5 tests fail on multiple platforms - S6883983: JarVerifier dependency on sun.security.pkcs should be removed - S4465490: Suspicious about double-check locking idiom being used in the code - S6763340: memory leak in com.sun.corba.se. * classes - S6873605: Missing finishedDispatch() call in ORBImpl causes test failures after 5u20 b04 - S6980681: CORBA deadlock in Java SE believed to be related to CR 6238477 - S7162902: Umbrella port of a number of corba bug fixes from JDK 6 to jdk7u/8 - S6414899: P11Digest should support cloning - S4898461: Support for ECB and CBC/PKCS5Padding - S6604496: Support for CKM_AES_CTR (counter mode) - S6682411: JCK test failed w/ ArrayIndexOutOfBoundException (-1) when decrypting with no data - S6682417: JCK test failed w/ ProviderException when decrypted data is not multiple of blocks - S6687725: Internal PKCS5Padding impl should throw IllegalBlockSizeException and not BadPaddingException - S6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider - S6867345: Turkish regional options cause NPE in sun.security.x509.AlgorithmId.algOID - S6924489: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_OPERATION_NOT_INITIALIZED - S7088989: Improve the performance for T4 by utilizing the newly provided crypto APIs * Bug fixes - PR902: PulseAudioClip getMicrosecondsLength() returns length in milliseconds, not microseconds - PR1050: Stream objects not garbage collected - PR1113: Add tapset tests to distribution. - PR1117: IcedTea6 prebuilds far too many classes on bootstrap - PR1121: Old installs still suffer from GCC PR41686 - PR1119: Only add classes to rt-source-files.txt if the class (or one or more of its methods/fields) are actually missing from the boot JDK - PR1114: Provide option to turn off downloading of tarballs (--disable-downloading) - PR1176: Synchronise CACAO rules between IcedTea6/7/8 where possible - RH513605: Updating/Installing OpenJDK should recreate the shared class-data archive - G422525: Apply pax markings before using a freshly built JVM. - PR986: IcedTea fails to build with IcedTea6 CACAO due to low max heap size * CACAO - PR1120: Unified version for icedtea6/7 - CA166, CA167: check-langtools fixes for icedtea6 - Implemented sun.misc.Perf.highResCounter - CACAO now identifies by its own Mercurial revision - Some memory barrier maintenance - Ability to run when compiled as Thumb on armv5 (no Thumb JIT though) - Stop creating pseudo files for OpenJDK (libjsig.so, Xusage.txt) - Clang fix for the i386 backend - CONTRIBUTE: Reference code submission process wiki instructions. - INSTALL.CACAO: Update, so following the instruction actually works. - Make doxygen work - CA172, PR1266, G453612: ARM hardfloat support - src/scripts/java.in: Look for cacao executable in install path, not in PATH. - src/vm/jit/alpha/asmpart.S: Fix copyright header. - src/vm/jit/alpha/asmpart.S: Properly set up GP in asm_abstractmethoderror - Use AATTabs_top_builddirAATT for support scripts * JamVM - ARMv6 armhf: Changes for Raspbian (Raspberry Pi) - PPC: Don\'t use lwsync if it isn\'t supported - X86: Generate machine-dependent stubs for i386 - When suspending, ignore detached threads that have died, this prevents a user caused deadlock when an external thread has been attached to the VM via JNI and it has exited without detaching - Add missing REF_TO_OBJs for references passed from JNI, this enable JamVM to run Qt-Jambi - PR1155: Do not put version number in libjvm.so SONAME * SystemTap - Addition of garbage collection probes * drop bouncycastle patch and add a shell hackery in %install * Fri Oct 19 2012 mvyskocilAATTsuse.com- update to 1.11.5 (bnc#785433) * Security fixes - S6631398, CVE-2012-3216: FilePermission improved path checking - S7093490: adjust package access in rmiregistry - S7143535, CVE-2012-5068: ScriptEngine corrected permissions - S7167656, CVE-2012-5077: Multiple Seeders are being created - S7169884, CVE-2012-5073: LogManager checks do not work correctly for sub-types - S7169888, CVE-2012-5075: Narrowing resource definitions in JMX RMI connector - S7172522, CVE-2012-5072: Improve DomainCombiner checking - S7186286, CVE-2012-5081: TLS implementation to better adhere to RFC - S7189103, CVE-2012-5069: Executors needs to maintain state - S7189490: More improvements to DomainCombiner checking - S7189567, CVE-2012-5085: java net obselete protocol - S7192975, CVE-2012-5071: Conditional usage check is wrong - S7195194, CVE-2012-5084: Better data validation for Swing - S7195917, CVE-2012-5086: XMLDecoder parsing at close-time should be improved - S7195919, CVE-2012-5079: (sl) ServiceLoader can throw CCE without needing to create instance - S7198296, CVE-2012-5089: Refactor classloader usage - S7158800: Improve storage of symbol tables - S7158801: Improve VM CompileOnly option - S7158804: Improve config file parsing - S7176337: Additional changes needed for 7158801 fix - S7198606, CVE-2012-4416: Improve VM optimization * Backports - S7175845: \"jar uf\" changes file permissions unexpectedly - S7177216: native2ascii changes file permissions of input file - S7199153: TEST_BUG: try-with-resources syntax pushed to 6-open repo * Bug fixes - PR1194: IcedTea tries to build with /usr/lib/jvm/java-openjdk (now a 1.7 VM) by default * Mon Sep 03 2012 mvyskocilAATTsuse.cz- update to 1.11.4 (bnc#777499) * Security fixes - S7162476, CVE-2012-1682: XMLDecoder security issue via ClassFinder - S7163201, CVE-2012-0547: Simplify toolkit internals references * OpenJDK - S7182135: Impossible to use some editors directly - S7185678: java/awt/Menu/NullMenuLabelTest/NullMenuLabelTest.java failed with NPE * Mon Aug 20 2012 meissnerAATTsuse.com- fixed gnome-java-bridge.jar file permissions. bnc#770040 * Thu Jun 14 2012 dmuellerAATTsuse.com- fix build for non-jit packages * Thu Jun 14 2012 mvyskocilAATTsuse.cz- update to 1.11.3 (bnc#766802) * Security fixes - S7079902, CVE-2012-1711: Refine CORBA data models - S7110720: Issue with vm config file loadingIssue with vm config file loading - S7143606, CVE-2012-1717: File.createTempFile should be improved for temporary files created by the platform. - S7143614, CVE-2012-1716: SynthLookAndFeel stability improvement - S7143617, CVE-2012-1713: Improve fontmanager layout lookup operations - S7143851, CVE-2012-1719: Improve IIOP stub and tie generation in RMIC - S7143872, CVE-2012-1718: Improve certificate extension processing - S7145239: Finetune package definition restriction - S7152811, CVE-2012-1723: Issues in client compiler - S7157609, CVE-2012-1724: Issues with loop - S7160677: missing else in fix for 7152811 - S7160757, CVE-2012-1725: Problem with hotspot/runtime_classfile * Bug fixes - PR1018: JVM fails due to SEGV during rendering some Unicode characters (part of 6886358) * Tue Jun 12 2012 cfarrellAATTsuse.com- license update: GPL-2.0-with-classpath-exception Use a license from http://www.spdx.org/licenses (or from the spreadsheet linked at license.opensuse.org if spdx.org does not have a suitable entry) * Mon May 14 2012 mvyskocilAATTsuse.cz- update to 1.11.2 * Bug fixes - RH789154: javac error messages no longer contain the full path to the offending file: - PR797: Compiler error message does not display entire file name and path - PR881: Sign tests (wsse.policy.basic) failures with OpenJDK6 - PR886: 6-1.11.1 fails to build CACAO on ppc - Specify both source and target in IT_GET_DTDTYPE_CHECK. - Install nss.cfg into j2re-image too. - PR584: Don\'t use shared Eden in incremental mode. * Backports - S6792400: Avoid loading of Normalizer resources for simple uses- fix fileconflict with java-1_7_0-openjdk- add openjdk-6-src-b24-zero-increase-stack-size.patch by Dinar Valeev * Wed Apr 04 2012 reddwarfAATTopensuse.org- Add xorg-x11 BuildRequires to have xprop * Mon Feb 27 2012 dmuellerAATTsuse.de- fix build on ARM * Thu Feb 16 2012 mvyskocilAATTsuse.cz- update to 1.11.1 (bnc#747208) * Security fixes - S7082299, CVE-2011-3571: Fix in AtomicReferenceArray - S7088367, CVE-2011-3563: Fix issues in java sound - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method - S7110687, CVE-2012-0503: Issues with TimeZone class - S7110700, CVE-2012-0505: Enhance exception throwing mechanism in ObjectStreamClass - S7110704, CVE-2012-0506: Issues with some method in corba - S7112642, CVE-2012-0497: Incorrect checking for graphics rendering object - S7118283, CVE-2012-0501: Better input parameter checking in zip file processing - S7126960, CVE-2011-5035: (httpserver) Add property to limit number of request headers to the HTTP Server * Bug fixes - PR865: Patching fails with patches/ecj/jaxws-getdtdtype.patch * Fri Feb 03 2012 roAATTsuse.de- apply ppc patch also on s390/s390x- add a 3 more void-return fixes to ppc patch * Fri Feb 03 2012 mvyskocilAATTsuse.cz- update to icedtea6-1.11, openjdk b24- ARM assembly language port reinstated and updated- Allow selection of test suites using the jtreg_checks argument e.g. jtreg_checks=\"langtools\"- Drop the outdated NIO2 backport. Users who want NIO2 should use IcedTea 2.x.- Shark has been disabled- Fixed build with GCC 4.7 * Tue Jan 17 2012 mvyskocilAATTsuse.cz- update to 1.10.5 (bugfix release) * Backports - S7034464: Support transparent large pages on Linux - S7037939: NUMA: Disable adaptive resizing if SHM large pages are used - S7102369: remove java.rmi.server.codebase property parsing from registyimpl - S7094468: rmiregistry clean up - S7103725, RH767129: REGRESSION - 6u29 breaks ssl connectivity using TLS_DH_anon_WITH_AES_128_CBC_SHA - S6851973, PR830: ignore incoming channel binding if acceptor does not set one - S7091528: javadoc attempts to parse .class files * Sat Dec 10 2011 meissnerAATTsuse.de- adjusted patch110 to fix ppc build. * Fri Dec 09 2011 mvyskocilAATTsuse.cz- there is no architecture called arm, so use macro instead * Thu Dec 08 2011 mvyskocilAATTsuse.cz- fix a stuff needed for gjc-based build * change compiler flags in configure to gjc compatible * added no-werror patch for openjdk-ecj * avoid all aditional checking packages in this mode * temporary remove memory size increase * exclude patch110 in this case - TBD later- definitelly drop noarch feature as it never worked well- add arm to 32bit architectures- remove rhino as a runtime dependency, as it\'s repackaged and installed in the jvm\'s tree- enable build --with-parallel-jobs * Wed Nov 30 2011 cooloAATTsuse.com- add automake as buildrequire to avoid implicit dependency * Fri Oct 21 2011 mvyskocilAATTsuse.cz- update to 1.10.4 (bnc#725167)- Security fixes * S7000600, CVE-2011-3547: InputStream skip() information leak * S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor * S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow * S7032417, CVE-2011-3552: excessive default UDP socket limit under SecurityManager * S7046794, CVE-2011-3553: JAX-WS stack-traces information leak * S7046823, CVE-2011-3544: missing SecurityManager checks in scripting engine * S7055902, CVE-2011-3521: IIOP deserialization code execution * S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress error checks * S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) * S7070134, CVE-2011-3558: HotSpot crashes with sigsegv from PorterStemmer * S7077466, CVE-2011-3556: RMI DGC server remote code execution * S7083012, CVE-2011-3557: RMI registry privileged code execution * S7096936, CVE-2011-3560: missing checkSetFactory calls in HttpsURLConnection- Bug fixes - RH727195: Japanese font mappings are broken- Backports - S6826104, RH730015: Getting a NullPointer exception when clicked on Application & Toolkit Modal dialog * Thu Aug 04 2011 mvyskocilAATTsuse.cz- update to 1.10.3- Bug fixes * PR748: Icedtea6 fails to build with Linux 3.0. * PR744: icedtea6-1.10.2 : patching error- Backports: * S7037283, RH712211: Null Pointer Exception in SwingUtilities2. * S6769607, PR677: Modal frame hangs for a while. * S6578583: Modality is broken in windows vista home premium from jdk1.7 b02 onwards. * S6610244: modal dialog closes with fatal error if -Xcheck:jni is set- don\'t touch java and javac alternatives anymore * Tue Jun 14 2011 mvyskocilAATTsuse.cz- fix build on 11.1/i586 distros * add icedtea6-replace-gcc-stack-marking.patch * Wed Jun 08 2011 mvyskocilAATTsuse.cz- fix bnc#698739: icedtea6-1.10.2 released- Security fixes * S6213702, CVE-2011-0872: (so) non-blocking sockets with TCP urgent disabled get still selected for read ops (win) * S6618658, CVE-2011-0865: Vulnerability in deserialization * S7012520, CVE-2011-0815: Heap overflow vulnerability in FileDialog.show() * S7013519, CVE-2011-0822, CVE-2011-0862: Integer overflows in 2D code * S7013969, CVE-2011-0867: NetworkInterface.toString can reveal bindings * S7013971, CVE-2011-0869: Vulnerability in SAAJ * S7016340, CVE-2011-0870: Vulnerability in SAAJ * S7016495, CVE-2011-0868: Crash in Java 2D transforming an image with scale close to zero * S7020198, CVE-2011-0871: ImageIcon creates Component with null acc * S7020373, CVE-2011-0864: JSR rewriting can overflow memory address size variables- Backports * S7043054: REGRESSION - wrong userBounds in Paint.createContext() * S7043963, RH698295: Window manager workaround in AWT was not applied to mutter. Now it is.- add commented bouncycastle provider into java.security allowing easy enable it from rpm requested by rgarrigue * Thu Jun 02 2011 mvyskocilAATTsuse.cz- fix bnc#695858 - call update-ca-certificates in posttrans * Thu Apr 14 2011 mvyskocilAATTsuse.cz- Fix the keystore handling * remove the default (32 bytes long) keystore, if installed * install symlinks in %posttrans, because older file not dissapear in post * Tue Apr 05 2011 mvyskocilAATTsuse.cz- Update to icedtea6-1.10.1, openjdk b22, hotdpot 20b11 see following links for more details http://blog.fuseyism.com/index.php/2011/04/04/icedtea6-1101-released/ http://blog.fuseyism.com/index.php/2011/03/02/icedtea6-110-released/- Backports: * S7023591, S7027667: Clipped antialiased rectangles are filled, not drawn. Add missing privileged block around access to the sun.awt.nativedebug property. * S7032388, PR682: Make HotSpot work on machines without cmov instruction again * S7031385, PR680: Incorrect register allocation in orderAccess_linux_x86.inline.hpp Bug fixes: * G356743: Support libpng 1.5. * RH661505: JPEGs with sRGB IEC61966-2.1 color profiles have wrong colors * PR600: HS19 upgrade broke CACAO build on ARM * PR616, PR99: Don’t statically link libstdc++ or libgcc * PR632: patches/security/20110215/6878713.patch breaks shark zero build * PR103: Usage of native2ascii during bootstrap * PR633: IcedTea installs javaws manpages on x86 even with –disable-webstart * PR635: zero fails to build on icedtea6 trunk 20110217 with hs20 * PR586: Sources missing from src.zip * PR639: Add missing include line, paths and LLVM flags for Shark. * PR640: JamVM fails to build - Unrecognised option: -XX:ThreadStackSize. * PR641: Increase stack size for PPC * PR497: Mercurial revision detection not very reliable * PR585: Freenet throws java.lang.UnsatisfiedLinkError with OpenJDK/CACAO- remove webstart and plugin, as they are now in separate icedtwa-web project- fix bnc#596177 - generate java cacerts at runtime (enabled for openSUSE 11.3+) * Tue Mar 15 2011 mvyskocilAATTsuse.cz- remove policytool from javac alternative * Thu Feb 24 2011 mvyskocilAATTsuse.cz- fix bnc#671714 - VUL-0: java-1_6_0-openjdk: permissions assigned to applets with multiple JARs (icedtea6-1.9.7)- Security updates * S6878713, CVE-2010-4469: Hotspot backward jsr heap corruption * S6907662, CVE-2010-4465: Swing timer-based security manager bypass * S6994263, CVE-2010-4472: Untrusted code allowed to replace DSIG/C14N implementation * S6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets * S6983554, CVE-2010-4450: Launcher incorrect processing of empty library path entries * S6985453, CVE-2010-4471: Java2D font-related system property leak * S6927050, CVE-2010-4470: JAXP untrusted component state manipulation * RH677332, CVE-2011-0706: Multiple signers privilege escalation- Bug fixes * RH676659: Pass -export-dynamic flag to linker using -Wl, as option in gcc 4.6+ is broken * G344659: Fix issue when building on SPARC * Fix latent JAXP bug caused by missing import- fix bnc#670304 - VUL-1: java-1_6_0-openjdk: denial of service using floats (icedtea6-1.9.6)- Security updates * S4421494, CVE-2010-4476: infinite loop while parsing double literal- patches changes: * obsoletes stack-protector patches (already upstreamed) * modified openjdk-6-src-b20-initialized-after.patch * modified openjdk-6-src-b20-no-werror.patch * openjdk-ecj-6-src-b20-no-return-in-nonvoid-function.patch * add openjdk-6-src-b20-stringcompare.patch * add openjdk-ecj-6-src-b20-no-return-in-nonvoid-function.patch * add openjdk-6-src-b20-gcj-workaround.patch (11.2/x86_64 workaround) * Tue Feb 01 2011 mvyskocilAATTsuse.cz- fix bnc#667313 - VUL-0: embargoed java icedtea issues- Security updates * RH672262, CVE-2011-0025: IcedTea jarfile signature verification bypass- Backports * S6687968: PNGImageReader leaks native memory through an Inflater * S6541476, RH665355: PNG imageio plugin incorrectly handles iTXt chunk * S6782079: PNG: reading metadata may cause OOM on truncated images- Fixes * PR619: Improper finalization by the plugin can crash the browser * Mon Jan 31 2011 mvyskocilAATTsuse.cz- fix bmo#582130 - symbol clash between moonlight and icedtea plugin * icedtea6-1.9.4-moonlight-symbol-clash.patch- mark cursor.properties a config * Mon Jan 17 2011 mvyskocilAATTsuse.cz- fix bnc#664298 - VUL-0: java-1_6_0-openjdk: JNLPSecurityManager in some cases silently returns when a permission is denied- Security updates: * RH663680, CVE-2010-4351: IcedTea JNLP SecurityManager bypass- Backports * S4356282: RFE: JDK should support OpenType/CFF fonts * S6954424, RH525870: Support OpenType/CFF fonts in JDK 7 * S6795356, PR590: Leak caused by javax.swing.UIDefaults.ProxyLazyValue.acc * S6967436, RH597227: lines longer than 2^15 can fill window. * S6967433: dashed lines broken when using scaling transforms. * S6976265: No STROKE_CONTROL * S6967434, PR450, RH530642: Round joins/caps of scaled up lines have poor quality. * S6438179, RH569121: XToolkit.isTraySupported() result has nothing to do with the system tray- Fixes - S7003777, RH647674: JTextPane produces incorrect content after parsing the html text- fix bnc#635365 - icedtea update broke java from firefox - bogus java path * icedtea6-1.9.4-realpath.patch use realpath to resolve the double symlinks * Tue Jan 11 2011 mvyskocilAATTsuse.cz- Update to icedtea6-1.9.3 * Re-enable compressed oops by default now 7002666 is fixed. * bakckport S7002666: Eclipse CDT projects crash with compressed oops * fix reapply ia64 fix from S6896043 which was reverted by S6953477- fix bnc#635365 - icedtea update broke java from firefox - bogus java path * wrote a proposal readlink-recursive.patch * sent upstream - http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=613 * Wed Dec 01 2010 mvyskocilAATTsuse.cz- update to icedtea6-1.9.2 (bnc#656742)- Latest security updates and hardening patches: * RH645843, CVE-2010-3860: IcedTea System property information leak via public static- Upgrade to latest revision of hs19 (b09).- Allow the building of NetX to be disabled.- Backports * S6622432: RFE: Performance improvements to java.math.BigDecimal * S6850606: Regression from JDK 1.6.0_12 * S6876282: BigDecimal’s divide(BigDecimal bd, RoundingFormat r) produces incorrect result * S6991430, PR579: Zero PowerPC fix. * S6703377: freetype: glyph vector outline is not translated correctly * S6853592: VM test nsk.regression.b4261880 fails with “X Error of failed request: BadWindow” inconsistently.- Bug fixes * RH647737: Disable compressed oops in hs19 to avoid Eclipse failures. * RH643674: Update fontconfig files for Fedora 11, 12, 13 and 14.- NetX * Do not prompt user multiple times for the same certificate. * PR592: NetX can create invalid desktop entry files * Fri Oct 22 2010 mvyskocilAATTsuse.cz- update to icedtea6-1.9.1 (bnc#642531)- update to openjdk-6-b20 * fixes listed on http://blog.fuseyism.com/index.php/2010/09/10/icedtea6-19-released/- Latest security updates and hardening patches: * S6914943, CVE-2009-3555: TLS: MITM attacks via session renegotiation * S6559775, CVE-2010-3568: OpenJDK Deserialization Race condition * S6891766, CVE-2010-3554: OpenJDK corba reflection vulnerabilities * S6925710, CVE-2010-3562: OpenJDK IndexColorModel double-free * S6938813, CVE-2010-3557: OpenJDK Swing mutable static * S6957564, CVE-2010-3548: OpenJDK DNS server IP address information leak * S6958060, CVE-2010-3564: OpenJDK kerberos vulnerability * S6963023, CVE-2010-3565: OpenJDK JPEG writeImage remote code execution * S6963489, CVE-2010-3566: OpenJDK ICC Profile remote code execution * S6966692, CVE-2010-3569: OpenJDK Serialization inconsistencies * S6622002, CVE-2010-3553: UIDefault.ProxyLazyValue has unsafe reflection usage * S6925672, CVE-2010-3561: Privileged ServerSocket.accept allows receiving connections from any host * S6952017, CVE-2010-3549: HttpURLConnection chunked encoding issue (Http request splitting) * S6952603, CVE-2010-3551: NetworkInterface reveals local network address to untrusted code * S6961084, CVE-2010-3541: limit setting of some request headers in HttpURLConnection * S6963285, CVE-2010-3567: Crash in ICU Opentype layout engine due to mismatch in character counts * S6980004, CVE-2010-3573: limit HTTP request cookie headers in HttpURLConnection * S6981426, CVE-2010-3574: limit use of TRACE method in HttpURLConnection * (See: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html) - IcedTeaPlugin: * PR519: 100% CPU usage when displaying applets in Webkit based browsers * Classes are no longer added to rt.jar, but to plugin.jar - NetX: * New man page for javaws * Classes are no longer added to rt.jar, but to netx.jar - bug fixes and backports * S6990437: Update with correct copyright info for source and test files from SSR10_02 fixes * S6638712: Inference with wildcard types causes selection of inapplicable method * S6650759: Inference of formal type parameter (unused in formal parameters) is not performed * S6623943: javax.swing.TimerQueue’s thread occasionally fails to start * RH633510: OpenJDK should use NUMA even if glibc doesn’t provide it - misc: * VisualVM support removed; now available in its own package at http://icedtea.classpath.org/hg/visualvm * A separate build directory is now used for the OpenJDK build: openjdk.build-ecj (stage 1) and openjdk.build (stage 2) - fix bnc#637224 - delta RPM for java-1_6_0-openjdk patch does not match installed data * mark fontconfig and much more files as config noreplace - fix bnc#648260 - update-alternatives: error: alternative pack200 can\'t be slave of java: it is a slave of javac * move *pack200 * from JRE to SDK * add workaround into post removing the *pack * slaves from java alternative - few more filters of rpmlint warnings - Patches changes: * openjdk-6-src-b16-lcms.patch - already included in b20 * openjdk-6-src-b17-enumeration-value.patch - already included in b20 * openjdk-6-src-b17-no-multiline-comments.patch - refresh for b20 * openjdk-6-src-b17-suggest-parentheses.patch - refresh for b20 * openjdk-6-src-b17-initialized-after.patch - refresh for b20 * openjdk-6-src-b20-defined-but-not-used.patch - new warn fix * openjdk-6-src-b20-may-be-used-uninitialized.patch - new fix 2 * openjdk-6-src-b20-array-subscript-has-type-char.patch - new fix 3 * openjdk-6-src-b20-no-werror.patch - remove -Werror from more locations than before * use quilt for applying of SUSE patches -> 2 new BR quilt and vim * Wed Jul 28 2010 mvyskocilAATTsuse.cz- update to icedtea6-1.8.1 (bnc#623905)- update to openjdk-6-b18- Latest security updates and hardening patches: * (CVE-2010-0837): JAR \"unpack200\" must verify input parameters (6902299) * (CVE-2010-0845): No ClassCastException for HashAttributeSet constructors if run with -Xcomp (6894807) * (CVE-2010-0838): CMM readMabCurveData Buffer Overflow Vulnerability (6899653) * (CVE-2010-0082): Loader-constraint table allows arrays instead of only the base-classes (6626217) * (CVE-2010-0095): Subclasses of InetAddress may incorrectly interpret network addresses (6893954) * (CVE-2010-0085): File TOCTOU deserialization vulnerability (6736390) * (CVE-2010-0091): Unsigned applet can retrieve the dragged information before drop action occurs (6887703) * (CVE-2010-0088): Inflater/Deflater clone issues (6745393) * (CVE-2010-0084): Policy/PolicyFile leak dynamic ProtectionDomains. (6633872) * (CVE-2010-0092): AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (6888149) * (CVE-2010-0094): Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947) * (CVE-2010-0093): System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (6892265) * (CVE-2010-0840): Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691) * (CVE-2010-0848): AWT Library Invalid Index Vulnerability (6914823) * (CVE-2010-0847): ImagingLib arbitrary code execution vulnerability (6914866) * (CVE-2009-3555): TLS: MITM attacks via session renegotiation- IcedTeaNPPlugin. * RH524387: javax.net.ssl.SSLKeyException: RSA premaster secret error * Set context classloader for all threads in an applet\'s threadgroup * PR436: Close all applet threads on exit * PR480: NPPlugin with NoScript extension. * PR488: Question mark changing into underscore in URL. * RH592553: Fix bug causing 100% CPU usage. * Don\'t generate a random pointer from a pthread_t in the debug output. * Add ForbiddenTargetException for legacy support. * Use variadic macro for plugin debug message printing. * Don\'t link the plugin with libxul libraries. * Fix race conditions in plugin initialization code that were causing hangs. * RH506730: BankID (Norwegian common online banking authentication system) applet fails to load. * Fix policy evaluation to match the proprietary JDK. * PR491: pass java_{code,codebase,archive} parameters to Java. * Adds javawebstart.version property and give user permission to read that property. * Old plugin removed; NPPlugin is now the default and is controlled by - -enable/disable-plugin. As with the old plugin, it produces a IcedTeaPlugin.so library rather than IcedTeaNPPlugin.so. * Dependence on the binary plugs mechanism removed. The plugin and NetX code is now imported into the JDK build in the same manner as langtools, CORBA, JAXP and JAXWS. * Fix for plugin buffer overflow: https://bugzilla.mozilla.org/show_bug.cgi?id=555342- NetX: * Fix security flaw in NetX that allows arbitrary unsigned apps to set any java property. * Fix a flaw that allows unsigned code to access any file on the machine (accessible to the user) and write to it. * Make path sanitization consistent; use a blacklisting approach. * Make the SingleInstanceServer thread a daemon thread. * Handle JNLP files which use native libraries but do not indicate it * Allow JNLP classloaders to share native libraries * Added encoding support- bug fixes * Nimbus Look \'n\' Feel backported from OpenJDK7. * JAXP and JAXWS now external dependencies rather than being in-tree. * 6639665: ThreadGroup finalizer allows creation of false root ThreadGroups * 6898622: ObjectIdentifer.equals is not capable of detecting incorrectly encoded CommonName OIDs * 6910590: Application can modify command array in ProcessBuilder * 6909597: JPEGImageReader stepX Integer Overflow Vulnerability * 6932480: Crash in CompilerThread/Parser. Unloaded array klass? * 6678385: Fixes jvm crashes when window is resized. * Produces the \"expected\" behavior for full screen applications, when running the Metacity window manager. * Fix issue with ant -diagnostics on ant 1.8.0 due to changed exit code * Zero/Shark * Shark is now able to build itself. * For ARM, add Thumb2 JIT. * Fixed Shark sharkCompiler mattr memory corruption bug when using llvm 2.7. * others http://blogs.sun.com/darcy/resource/OpenJDK_6/openjdk6-b18-changes-summary.html * Eliminate spurious exception throwing when using PulseAudio * PR shark/483: Fix miscompilation of sun.misc.Unsafe::getByte. * PR PR icedtea/324, icedtea/481: Fix Shark VM crash. * Fix Zero build on Hitachi SH. * PR476: Enable building SystemTap support on GCC 4.5.- disabled systemtap support on openSUSE 11.2, as it requires more recent version- require xulrunner191 on 11.1 too * Thu May 20 2010 mvyskocilAATTsuse.cz- Change the policytool.desktop category to Utilities * Wed May 19 2010 roAATTsuse.de- set locale to utf-8 variant to fix build (broke when going over certificates with utf-8 filenames) * Thu May 13 2010 mvyskocilAATTsuse.cz- fix bnc#603316: openjdk run out of file descriptors * add openjdk-6-src-b17-stack-protector-fclose.patch add the missing fclose to the stack-protector patch * Wed Apr 28 2010 mvyskocilAATTsuse.cz- fixes ppc build * enable nio2 only for ix86 and x86_64 * refresh openjdk-6-src-b17-no-return-in-nonvoid-function-ppc.patch- ignore old libopenssl on 11.3+- use patch -i, instead of shell redirection * Mon Apr 12 2010 mvyskocilAATTsuse.cz- update to icedtea6-1.7.3 (bnc#594415)- security and hardending * (CVE-2010-0837): JAR “unpack200″ must verify input parameters (6902299) * (CVE-2010-0845): No ClassCastException for HashAttributeSet constructors if run with -Xcomp (6894807 * (CVE-2010-0838): CMM readMabCurveData Buffer Overflow Vulnerability (6899653) * (CVE-2010-0082): Loader-constraint table allows arrays instead of only the base-classes (6626217) * (CVE-2010-0095): Subclasses of InetAddress may incorrectly interpret network addresses (6893954) * (CVE-2010-0085): File TOCTOU deserialization vulnerability (6736390) * (CVE-2010-0091): Unsigned applet can retrieve the dragged information before drop action occurs (6887703) * (CVE-2010-0088): Inflater/Deflater clone issues (6745393) * (CVE-2010-0084): Policy/PolicyFile leak dynamic ProtectionDomains. (6633872) * (CVE-2010-0092): AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (6888149) * (CVE-2010-0094): Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947) * (CVE-2010-0093): System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (6892265) * (CVE-2010-0840): Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691) * (CVE-2010-0848): AWT Library Invalid Index Vulnerability (6914823) * (CVE-2010-0847): ImagingLib arbitrary code execution vulnerability (6914866) * (CVE-2009-3555): TLS: MITM attacks via session renegotiation * 6639665: ThreadGroup finalizer allows creation of false root ThreadGroups * 6898622: ObjectIdentifer.equals is not capable of detecting incorrectly encoded CommonName OIDs * 6910590: Application can modify command array in ProcessBuilder * 6909597: JPEGImageReader stepX Integer Overflow Vulnerability * 6932480: Crash in CompilerThread/Parser. Unloaded array klass?- Bug fixes: * Backport of 6822370: ReentrantReadWriteLock: threads hung when there are no threads holding onto the lock * Increase ThreadStackSize by 512kb on 32-bit Zero platforms * Check cacerts database is valid * Fix for plugin buffer overflow: Mozilla bug 555342 * Fix issue with ant -diagnostics on ant 1.8.0 due to changed exit code * Thu Mar 18 2010 mvyskocilAATTsuse.cz- fix bnc#589021 - Better protect java stack * openjdk-6-src-b17-stack-protector.patch * Thu Mar 04 2010 mvyskocilAATTsuse.cz- Updates: * icedtea6-1.7 * openjdk6 b17 14_oct_2009- Enabled NPPlugin - fix [bnc#582206]- patches changes: * obsolete java-1.6.0-openjdk-sparc-fixes.patch * obsolete java-1.6.0-openjdk-sparc-hotspot.patch * obsolete icedtea6-1.6-npplugin-xulrunner191.patch * obsolete icedtea6-1.6-no-return-in-nonvoid-function.patch * obsolete icedtea6-ecc-support-b387a64caa08.patch * add a lot of patches fixes a build of openjdk6 with gcc4.5 using - Werror -Wall openjdk-6-src-b17-no-multiline-comments.patch openjdk-6-src-b17-enumeration-value.patch openjdk-6-src-b17-suggest-parentheses.patch openjdk-6-src-b17-no-efect.patch openjdk-6-src-b17-initialized-after.patch openjdk-6-src-b17-unused-variable.patch * openjdk-6-src-b17-no-werror.patch (suppress the errors in autogenerated code) * icedtea6-1.7-no-return-in-non-void.patch- move the noarch content to %%{_datadir}/ and create symlinks in usual locations- move demo/jvmti to the -devel package as it contains so files- enable the --short-circuit in %%install section- new alternatives - policytool and policytool.1.gz * Tue Feb 09 2010 prusnakAATTsuse.cz- enable noarch subpackages * Mon Nov 23 2009 mvyskocilAATTsuse.cz- Removed openjdk-6-src-b14-confluence-crash.patch from source dir * Tue Nov 10 2009 mvyskocilAATTsuse.cz- Fixed bnc#554069 - VUL-0: Icedtea6 1.6.2 released * a lot of security patches in icedtea6-1.6.2 * Improved jar performance, http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/b35f1e5075a4- Obsoleted java-1.6.0-openjdk-makefile.patch * Wed Oct 14 2009 mvyskocilAATTsuse.cz- Fixed bnc#546468: openjdk fails on certificate creation applied upstream patch icedtea6-ecc-support-b387a64caa08.patch http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=356- Moved back from npplugin, as its not mature http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=385#c5 * Thu Oct 08 2009 mvyskocilAATTsuse.cz- Use 1.6.0 instead of javamajver macro to supress percent in provides error. * Tue Sep 29 2009 mvyskocilAATTsuse.cz- fixed bnc#542545: added 32/64bit specific provides to be compatible with other JVM and OpenOffice.org * Thu Sep 10 2009 mvyskocilAATTsuse.cz- Updates: * icedtea6-1.6 - fixes bnc#537969 * hospot 09f7962b8b44- patches changes: * added icedtea6-1.6-npplugin-xulrunner191.patch * added java-1.6.0-openjdk-sparc-fixes.patch (from Fedora) * added java-1.6.0-openjdk-sparc-hotspot.patch (from Fedora) * added icedtea6-1.6-no-return-in-nonvoid-function.patch (allows build on 11.1) * regenerated java-1.6.0-openjdk-java-access-bridge-security.patch * regenerated java-1.6.0-openjdk-makefile.patch * removed icedtead6-1.5-npplugin-xulrunner191.patch * removed java-1.6.0-openjdk-execvpe.patch * removed java-1.6.0-openjdk-netx.patch * Wed Aug 19 2009 mvyskocilAATTsuse.cz- Fixed bnc#530046 - jmap fails: NoSuchSymbolException: Could not find symbol \"gHotSpotVMTypeEntryTypeNameOffset\" keep non debug symbols in libjvm.so * Tue Aug 11 2009 mvyskocilAATTsuse.cz- Updates: * icedtea6-1.5.1 contains a lot of security fixes from Sun JDK6u15 This includes fixes for: * bnc#524505: Vulnerability in OpenJDK/NetX * bnc#514421: XML Signature weakness (HMAC truncation)- Fixed bnc#521512: lcms pointer dereference- Dropped some s390 patches, because they was obsoleted and not used- Fixed bnc#525097 - openjdk installs dead .desktop files * now removed *.desktop from %%files of openjdk * Wed Jul 29 2009 mvyskocilAATTsuse.cz- Updates: * icedtea-1.5 * visualvm-111 * hotspot 25a020f13592- Fixed bnc#525097 - openjdk installs dead .desktop files- Remove archsuffix usage- patches changes: * added java-1.6.0-openjdk-accessible-toolkit.patch * added java-1.6.0-openjdk-netx.patch * added java-1.6.0-openjdk-execvpe.patch * added icedtead6-1.5-nppplugin-xulrunner191.patch * removed openjdk-6-src-b14-confluence-crash.patch * refreshed java-1.6.0-openjdk-makefile.patch- new features and fixes: * Fixed security handling to prevent access denials when there is a site specific exception in the policy file * Allow extentions (chrome) to run Java code with full permissions * Added non-trusted SSL support to WebStart (javaws) * Added proxy support * Other improvements that were breaking specific sites (tag parser fix, nested jar support, etc.) * Added JVM Console (used by http://chrispederick.com/work/web-developer/) * Many gervill, java2d, nio2, pulse java, zero/shark, jtreg fixes. * New IcedTeaNPPlugin * Thu Jun 11 2009 mvyskocilAATTsuse.cz- Merged fontfonfig for openjdk and Sun: * Use Sazanami Mincho for monospaced fonts * Added AWT X11 font paths * Mon May 25 2009 mvyskocilAATTsuse.cz- Enabled systemtap only for jit architectures only- Refreshed non-return-in-non-void ppc patch * Fri May 15 2009 mvyskocilAATTsuse.cz- \'used systemtap-sdt-devel (see bnc#503088)\' * Thu May 14 2009 mvyskocilAATTsuse.cz- Change version system for openjdk, now it uses a %%{javaver}.%%{buildver}_%{{openjdkver}- Enabled systemtap support- Moved jpackage macro definitions upper in spec * Wed May 13 2009 mvyskocilAATTsuse.cz- updates: * openjdk b16 * icedtea snapshot cc658d9f4a64 * hotspot snapshot fc6a5ae3fef5- new features: * systemtap support (not yet enabled in SUSE) * removed gcjwebplugin * fixed lcms breakage https://bugs.openjdk.java.net/show_bug.cgi?id=100050 * fixes in JNLP runtime * various improvements in support of third party VMs (shark, cacao, zero)- patches changes: * removed obsoleted pulseaudio patch * added openjdk-6-src-b16-no-return-in-nonvoid-function.patch- enabled tests- build using xulrunner 1.9.1 on 11.2 * Tue Apr 21 2009 mvyskocilAATTsuse.cz- fixed bnc#496378: openjdk has an empty keystore * Tue Apr 14 2009 mvyskocilAATTsuse.cz- fixed bnc#493146: pulse-java integer overflow * Tue Apr 07 2009 mvyskocilAATTsuse.cz- fixed bnc#492555: tomcat6 and confluence causes a JVM crash http://hg.openjdk.java.net/jdk7/hotspot-comp/hotspot/rev/039a914095f4 * Fri Apr 03 2009 mvyskocilAATTsuse.cz- icedtea 1.4.1: - Fixed version string: Set PRODUCT_NAME to OpenJDK, unless doing a CACAO build (set to IcedTea). - Plugin fixes: icedtead bug#264. - Re-implemented visualvm. * Mon Mar 02 2009 mvyskocilAATTsuse.cz- fixed ppc/ppc64 build bnc#471829 comment#28 - added openjdk-6-src-b14-no-return-in-nonvoid-function-ppc.patch
|
|
|