Changelog for
java-1_6_0-openjdk-1.6.0.44-6.2.x86_64.rpm :
Fri Jan 26 13:00:00 2018 fstrbaAATTsuse.com
- Modified patch:
* icedtea6-1.13.13-b44.patch
+ Fix zero bootstrap build with ecj
Thu Nov 16 13:00:00 2017 fstrbaAATTsuse.com
- Updated to OpenJDK6 jdk6-b44
* Security fixes:
- S8138725: Add options for Javadoc generation
- S8140353: Improve signature checking
- S8151934, CVE-2017-3231: Resolve class resolution
- S8158406: Limited Parameter Processing
- S8158997: JNDI Protocols Switch
- S8161218: Better bytecode loading
- S8161743, CVE-2017-3252: Provide proper login context
- S8162577: Standardize logging levels
- S8162973: Better component components
- S8163520, CVE-2017-3509: Reuse cache entries
- S8163958, CVE-2017-10102, bsc#1049316: Improved garbage
collection
- S8164147, CVE-2017-3261: Improve streaming socket output
- S8165071, CVE-2016-2183: Expand TLS support
- S8165344, CVE-2017-3272: Update concurrency support
- S8166988, CVE-2017-3253: Improve image processing performance
- S8167104, CVE-2017-3289: Additional class construction
refinements
- S8167110, CVE-2017-3514: Windows peering issue
- S8167223, CVE-2016-5552: URL handling improvements
- S8167228: Update to libpng 1.6.28
- S8168714, CVE-2016-5546: Tighten ECDSA validation
- S8168728, CVE-2016-5548: DSA signing improvments
- S8169011, CVE-2017-3526: Resizing XML parse trees
- S8169209, CVE-2017-10053, bsc#1049305: Improved image
post-processing steps
- S8169392, CVE-2017-10067, bsc#1049306: Additional jar
validation steps
- S8170222, CVE-2017-3533: Better transfers of files
- S8170966, CVE-2017-10081, bsc#1049309: Right parenthesis
issue
- S8171121, CVE-2017-3539: Enhancing jar checking
- S8171533, CVE-2017-3544: Better email transfer
- S8172204, CVE-2017-10087, bsc#1049311: Better Thread Pool
execution
- S8172299: Improve class processing
- S8172461, CVE-2017-10089, bsc#1049312: Service Registration
Lifecycle
- S8172469, CVE-2017-10096, bsc#1049314: Transform Transformer
Exceptions
- S8173286, CVE-2017-10101, bsc#1049315: Better reading of text
catalogs
- S8173697, CVE-2017-10107, bsc#1049318: Less Active
Activations
- S8173770, CVE-2017-10074, bsc#1049307: Image conversion
improvements
- S8174098, CVE-2017-10110, bsc#1049321: Better image fetching
- S8174105, CVE-2017-10108, bsc#1049319: Better naming
attribution
- S8174113, CVE-2017-10109, bsc#1049320: Better sourcing of
code
- S8174770: Check registry registration location
- S8174873: Improved certificate processing
- S8175106, CVE-2017-10115, bsc#1049324: Higher quality DSA
operations
- S8176055: JMX diagnostic improvements
- S8176067, CVE-2017-10116, bsc#1049325: Proper directory
lookup processing
- S8176760, CVE-2017-10135, bsc#1049328: Better handling of
PKCS8 material
* Other
- S4717864: setFont() does not update Fonts of Menus already on
screen
- S6474807: (smartcardio) CardTerminal.connect() throws
CardException instead of CardNotPresentException
- S6592751: EmbeddedFrame disposal is fragile and breaks clean
AppContext termination
- S6858484: If an invalid HMAC XML Signature is validated, all
subsequent valid HMAC signatures are invalid
- S6868865: Test: sun/security/tools/jarsigner/oldsig.sh fails
under all platforms
- S6885204: JSSE should not require Kerberos to be present
- S6887710: Jar index should avoid putting META-INF in the
INDEX.LIST
- S6945961: SIGSEGV in memcpy() during class loading on
linux-i586
- S7155957:
closed/java/awt/MenuBar/MenuBarStress1/MenuBarStress1.java
hangs on win 64 bit with jdk8
- S7170169: (props) System.getProperty(\"os.name\") should return
\"Windows 8\" when run on Windows 8
- S7173645: (props) System.getProperty(\"os.name\") should return
\"Windows Server 2012\" for Windows Server 2012
- S8010714: XML DSig API allows a RetrievalMethod to reference
another RetrievalMethod
- S8013434: Xalan and Xerces internal ObjectFactory need rework
- S8020191: System.getProperty(\"os.name\") returns \"Windows NT
(unknown)\" on Windows 8.1
- S8030787: [Parfait] JNI-related warnings from b119 for
jdk/src/share/native/sun/awt/image
- S8037287: Windows build failed after JDK-8030787
- S8066504: GetVersionEx in
java.base/windows/native/libjava/java_props_md.c might not get
correct Windows version 0
- S8075118: JVM stuck in infinite loop during verification
- S8079595: Resizing dialog which is JWindow parent makes JVM
crash
- S8130769: The new menu can\'t be shown on the menubar after
clicking the \"Add\" button.
- S8139565: Restrict certificates with DSA keys less than 1024
bits
- S8140422: Add mechanism to allow non default root CAs to be
not subject to algorithm restrictions
- S8140483: Atomic
*FieldUpdaters final fields should be trusted
- S8140587: Atomic
*FieldUpdaters should use Class.isInstance
instead of direct class check
- S8143377: Test PKCS8Test.java fails
- S8147842: IME Composition Window is displayed at incorrect
location
- S8148516: Improve the default strength of EC in JDK
- S8149450: LdapCtx.processReturnCode() throwing Null Pointer
Exception
- S8150490: Update OS detection code to recognize Windows
Server 2016
- S8151893: Add security property to configure XML Signature
secure validation mode
- S8155690: Update libPNG library to the latest up-to-date
- S8156802: Better constraint checking
- S8160108: Implement Serialization Filtering
- S8161195: Regression:
closed/javax/swing/text/FlowView/LayoutTest.java
- S8161571: Verifying ECDSA signatures permits trailing bytes
- S8162461: Hang due to JNI up-call made whilst holding JNI
critical lock
- S8163304: jarsigner -verbose -verify should print the
algorithms used to sign the jar
- S8165230: RMIConnection addNotificationListeners failing with
specific inputs
- S8166393: disabledAlgorithms property should not be strictly
parsed
- S8166739: Improve extensibility of ObjectInputFilter
information passed to the filter
- S8166875: (tz) Support tzdata2016g
- S8166878: Connection reset during TLS handshake
- S8167179: Make XSL generated namespace prefixes local to
transformation process
- S8167459: Add debug output for indicating if a chosen
ciphersuite was legacy
- S8167472: Chrome interop regression with JDK-8148516
- S8167591: Add MD5 to signed JAR restrictions
- S8168861: AnchorCertificates uses hardcoded password for
cacerts keystore
- S8168993: JDK8u121 L10n resource file update
- S8169191: (tz) Support tzdata2016i
- S8169688: Backout (remove) MD5 from
jdk.jar.disabledAlgorithms for January CPU
- S8170131: Certificates not being blocked by
jdk.tls.disabledAlgorithms property
- S8170268: 8u121 L10n resource file update - msgdrop 20
- S8170307: Stack size option -Xss is ignored
- S8170316: (tz) Support tzdata2016j
- S8170814: Reuse cache entries (part II)
- S8171388: Update JNDI Thread contexts
- S8173783: IllegalArgumentException: jdk.tls.namedGroups
- S8173931: 8u131 L10n resource file update
- S8174844: Incorrect GPL header causes RE script to miss swap
to commercial header for licensee source bundle
- S8174985: NTLM authentication doesn\'t work with IIS if NTLM
cache is disabled
- S8175072: [openjdk6] Kerberos JCK tests fail on systems
without krb5.conf file
- S8175251: Failed to load RSA private key from pkcs12
- S8176044: (tz) Support tzdata2017a
- S8176731: JCK tests in api/javax_xml/transform/ spec
conformance started failing after 8172469
- S8176769: Remove accidental spec change in jdk8u
- S8177449: (tz) Support tzdata2017b
- S8180582: The bind to rmiregistry is rejected by
registryFilter even though registryFilter is set
- S8180769: [openjdk6] JVM crashes when running with
- showversion option
- S8181591: 8u141 L10n resource file update
- S8182054: Improve wsdl support
- Added patch:
* icedtea6-1.13.13-b44.patch
- Modify icedtea patches to apply to the jdk6-b44 tree
Wed Jun 21 14:00:00 2017 fstrbaAATTsuse.com
- Add openjdk-libjvm-link.patch and openjdk-libjvm-link-ecj.patch
to link libjvm and libmawt with g++ to support the mix of GCC 6
java and GCC 7 C++ compiler.
- Get ecj.jar path from gcj, use the gcc variant that provides Java
to build C code to make sure jni.h is available.
Tue Mar 7 13:00:00 2017 fstrbaAATTsuse.com
- Update the buildver to correspond to what java reports
Wed Jan 11 13:00:00 2017 fstrbaAATTsuse.com
- Updated to 1.13.13
* Security fixes
- S8151921: Improved page resolution
- S8155968: Update command line options
- S8155973, CVE-2016-5542: Tighten jar checks
- S8157176: Improved classfile parsing
- S8157739, CVE-2016-5554: Classloader Consistency Checking
- S8157749: Improve handling of DNS error replies
- S8157753: Audio replay enhancement
- S8158302: Handle contextual glyph substitutions
- S8158993, CVE-2016-5568: Service Menu services
- S8159495, PR3276: Fix index offsets
- S8159503: Amend Annotation Actions
- S8159511: Stack map validation
- S8159515: Improve indy validation
- S8159519, CVE-2016-5573: Reformat JDWP messages
- S8160090: Better signature handling in pack200
- S8160094: Improve pack200 layout
- S8160591, CVE-2016-5582: Improve internal array handling
- S8160838, CVE-2016-5597: Better HTTP service
* Import of OpenJDK6 b41
- S4787377: VK_STOP key on Solaris generates wrong Key Code
- S4947220: (process)Runtime.exec() cannot invoke applications
with unicode parameters(win)
- S5036807: Pressing action keys \"STOP/AGAIN/COMPOSE\" generates
keycode of F11/F12 keys.
- S5099725: AWT doesn\'t seem to handle MappingNotify events
under X11.
- S5100701: Toolkit.getLockingKeyState() does not work on
XToolkit, but works on Motif
- S6324292: keytool -help is unhelpful
- S6464022: Memory leak in JOptionPane.createDialog
- S6501385: ColorChooser demo - two elemets have same mnemonic
in it locale, GTK L&F
- S6535697: keytool can be more flexible on format of
PEM-encoded X.509 certificates
- S6561126: keytool should use larger default keysize for
keypairs
- S6566218: l10n of 6476932
- S6606396: Notepad and Stylepad demos don\'t run in Japanese
locale.
- S6608456: need API to define RepaintManager per components
hierarchy
- S6624200: Regression test fails:
test/closed/javax/swing/JMenuItem/4654927/bug4654927.java
- S6675400: \"Details\" in English has to be \"Details\" in German
- S6680988: KeyEvent is still missing VK values for many
keyboards
- S6683775: Painting artifacts is seen when panel is made
setOpaque(false) for a translucent window
- S6693507: There are unnecessary compilation warnings in the
com.sun.java.swing.plaf.motif package
- S6709758: keytool default cert fingerprint algorithm should be
SHA1, not MD5
- S6711676: Numpad keys trigger more than one KeyEvent.
- S6719382: Printing of AWT components on windows is not working
- S6726866: Repainting artifacts when resizing or dragging
JInternalFrames in non-opaque toplevel
- S6727661: Code improvement and warnings removing from the
swing/plaf packages
- S6727662: Code improvement and warnings removing from swing
packages
- S6794764: Translucent windows are completely repainted on
every paint event, on Windows
- S6796710: Html content in JEditorPane is overlapping on swing
components while resizing the application.
[TEST FRAMEWORK ONLY]
- S6802846: jarsigner needs enhanced cert validation(options)
- S6867657: Many JSN tests do not run under cygwin
- S6870812: enhance security tools to use ECC algorithms
- S6871299: Shift+Tab no longer generates a KEY_TYPED event;
used to with JRE 1.5
- S6871847: AlgorithmId.get(\"SHA256withECDSA\") not available
- S6882559: new JEditorPane(\"text/plain\",\"\") fails for null
context class loader
- S6894719: (launcher)The option -no-jre-restrict-search is
expected when -jre-no-restrict-search is documented.
- S6901170: HttpCookie parsing of version and max-age mis-handled
- S6911129: These tests do not work with CYGWIN: java/lang
- S6922482: keytool\'s help on -file always shows \'output file\'
- S6923681: Jarsigner crashes during timestamping
- S6939248: Jarsigner can\'t extract Extended Key Usage from
Timestamp Reply correctly
- S6959252: convert the anonymous arrays to named arrays in Java
List Resource files
- S6969683: Generify ResolverConfiguration codes
- S6980510: Fix for 6959252 broke JConsole mnemonic keys
- S6982840: sun/security/tools/jarsigner/emptymanifest.sh fails
- S6987827: security/util/Resources.java needs improvement
- S6988163: sun.security.util.Resources dup and a keytool doc
typo
- S7004168: jarsigner -verify checks for KeyUsage codesigning
ext on all certs instead of just signing cert
- S7013850: Please change the mnemonic assignment system to
avoid translation issue
- S7017818: NLS: JConsoleResources.java cannot be handled by
translation team
- S7019937: Translatability bug - Remove Unused String - String
ID , read end of file
- S7019938: Translatability bug - Remove Unused String - String
ID can not specify Principal with a
- S7019940: Translatability bug - Remove unused string - String
ID: provided null name
- S7019942: Translatability bug - String ID: trustedCertEntry,
- S7019945: Translatability bug - Translatability issue - String
ID:
* has NOT been verified! In order to veri
- S7019947: Translatability bug - Translatability issue - String
ID:
* The integrity of the information stored i
- S7019949: Translatability bug - Translatability issue - String
ID:
* you must provide your keystore password.
- S7020531: test:
java/security/cert/CertificateFactory/openssl/OpenSSLCert.java
file not closed after run
- S7021693: [ja, zh_CN] jconsole throws exception and fail to
start in ja and zh_CN locales
- S7022005: [ja,zh_CN] javadoc, part of navigation bar in
generated html are not translated.
- S7024118: possible hardcoded mnemonic for JFileChooser metal
and motif l&f
- S7025267: NLS: t13y fix for 7021689 [ja] Notepad demo throws
NPE
- S7028447: security-related resources Chinese translation errors
- S7028490: better suggestion for jarsigner when TSA is not
accessible
- S7030174: Jarsigner should accept TSACert with an HTTPS
id-ad-timeStamping SIA
- S7032018: The file list in JFileChooser does not have an
accessible name
- S7032436: When running with the Nimbus look and feel, the
JFileChooser does not display mnemonics
- S7034259: [all] incorrect mnemonic keys in JCP automatic
update advanced settings dialog.
- S7034940: message drop 2 translation integration
- S7035843: [zh_CN, ja] JConsole mnemonic keys don\'t work
- S7038803: [CCJK] Incorrect mnemonic key (0) is displayed on
cancel button on messagedialog of JOptionPane
- S7038807: [CCJK] OK button on message dialog of JOptionpane is
not translated
- S7040228: [zh_TW] extra (C) on cancel button on File Chooser
dialog
- S7040257: [pt_BR,fr] Print dialog has duplicate mnemonic key.
- S7042323: [sv, de, es, it] Print dialog has duplicate mnemonic
key
- S7042475: [ja,zh_CN] extra mnemonic key in jconsole
- S7043548: message drop 3 translation integration
- S7045132: sun.security.util.Resources_pt_BR.java translation
error
- S7045184: GTK L&F doesn\'t have hotkeys in jdk7 b141, while
b139 has.
- S7062969: java -help still shows
http://java.sun.com/javase/reference
- S7090158: Networking Libraries don\'t build with javac -Werror
- S7090832: Some locale info are not localized for some
languages.
- S7093156: NLS Please change the mnemonic assignment system to
avoid translation issue (Swing files)
- S7102686: Restructure timestamp code so that jars and modules
can more easily share the same code
- S7109085: Test use hotkeys not intended for Mac
- S7116786: RFE: Detailed information on VerifyErrors
- S7124171: 7u4 l10n message update related to Mac OS X port
- S7125055: ContentHandler.getContent API changed in error
- S7132247: java/rmi/registry/readTest/readTest.sh failing with
Cygwin
- S7142339: PKCS7.java is needlessly creating SHA1PRNG
SecureRandom instances when timestamping is not done
- S7145375: 7u4 l10n message update related to langtools
- S7145960: sun/security/mscapi/ShortRSAKey1024.sh failing on
windows
- S7146099: NLS: [de,es,it,ko,pt_BR]launcher_
*
*.properties,
double backslash issue.
- S7149012: jarsigner needs not warn about cert expiration if
the jar has a TSA timestamp
- S7158712: Synth Property \"ComboBox.popupInsets\" is ignored
- S7169226: NLS: Please change the mnemonic assignment system
for windows and motif properties
- S7174970: NLS [ccjk] Extra mnemonic keys at standard
filechooserdialog (open and save) in metal L&F
- S7175367: NLS: 7u6 message drop10 integration
- S7176894: back out LocaleNames_xx.properties files from 7u6
message drop10
- S7178145: Change constMethodOop::_exception_table to
optionally inlined u2 table.
- S7181632: nsk classLoad001_14 failure and CompileTheWorld
crash after 7178145.
- S7182226: NLS: jdk7u6 message drop20 integration
- S7183203: ShortRSAKeynnn.sh tests intermittent failure
- S7187051: ShortRSAKeynnn.sh tests should do cleanup before
start test
- S7194449: String resources for Key Tool and Policy Tool should
be in their respective packages
- S8000626: Implement dead key detection for KeyEvent on Linux
- S8003890: corelibs test scripts should pass TESTVMOPTS
- S8008764: 7uX l10n resource file translation update
- S8009168: accessibility.properties syntax issue
- S8009636: JARSigner including TimeStamp PolicyID (TSAPolicyID)
as defined in RFC3161
- S8010297: Missing isLoggable() checks in logging code
- S8010782: clean up source files containing carriage return
characters
- S8014048: Online user guide of jconsole points incorrect link
- S8014431: cleanup warnings indicated by the -Wunused-value
compiler option on linux
- S8015265: revise the fix for 8007037
- S8016579: (process) IOException thrown by
ProcessBuilder.start() method is incorrectly encoded
- S8019541: 7u40 l10n resource file translation update
- S8020708: NLS mnemonics missing in SwingSet2/JInternalFrame
demo
- S8023338: Update jarsigner to encourage timestamping
- S8024302: Clarify jar verifications
- S8024756: method grouping tabs are not selectable
- S8026741: jdk8 l10n resource file translation update 5
- S8027787: 7u51 l10n resource file translation update 1
- S8030698: Several GUI labels in jconsole need correction
- S8030878: JConsole issues meaningless message if SSL
connection fails
- S8035988: 7u60 l10n resource file translation update 1
- S8038837: Add support to jarsigner for specifying timestamp
hash algorithm
- S8048147: Privilege tests with JAAS Subject.doAs
- S8048357: PKCS basic tests
- S8049171: Additional tests for jarsigner\'s warnings
- S8055176: 7u71 l10n resource file translation update
- S8057530: (process) Runtime.exec throws garbled message in jp
locale
- S8059177: jdk8u40 l10n resource file translation update 1
- S8065609: 7u76 l10n resource file translation update
- S8076486: [TESTBUG]
javax/security/auth/Subject/doAs/NestedActions.java fails if
extra VM options are given
- S8077953: [TEST_BUG]
com/sun/management/OperatingSystemMXBean/TestTotalSwap.java
Compilation failed after JDK-8077387
- S8078628, PR3152: Zero build fails with pre-compiled headers
disabled
- S8080628: No mnemonics on Open and Save buttons in JFileChooser
- S8083601: jdk8u60 l10n resource file translation update 2
- S8140530, PR3276: Creating a VolatileImage with size 0,0
results in no longer working g2d.drawString
- S8142926: OutputAnalyzer\'s shouldXXX() calls return this
- S8143134: L10n resource file translation update
- S8147077: IllegalArgumentException thrown by
api/java_awt/Component/FlipBufferStrategy/indexTGF_General
- S8148127: IllegalArgumentException thrown by JCK test
api/java_awt/Component/FlipBufferStrategy/indexTGF_General in
opengl pipeline
- S8150611: Security problem on sun.misc.resources.Messages
*
- S8157077: 8u101 L10n resource file updates
- S8157653: [Parfait] Uninitialised variable in awt_Font.cpp
- S8158734: JEditorPane.createEditorKitForContentType throws NPE
after 6882559
- S8159684: (tz) Support tzdata2016f
- S8162411: Service Menu services 2
- S8162419: closed/com/oracle/jfr/runtime/TestVMInfoEvent.sh
failing after JDK-8155968
- S8162511: 8u111 L10n resource file updates
- S8162792: Remove constraint DSA keySize < 1024 from
jdk.jar.disabledAlgorithms in jdk8
- S8164452: 8u111 L10n resource file update - msgdrop 20
- S8165816: jarsigner -verify shows jar unsigned if it was
signed with a weak algorithm
- S8166381: Back out changes to the java.security file to not
disable MD5
- S8169448, PR3205: OpenJDK 6 fails to build without
pre-compiled headers
- S8171415: Remove Java 7 features from testlibrary
- S8171954: Add stubs for sun.security.tools.KeyTool and
sun.security.tools.JarSigner
- S8172159: Remove AATTOverride annotation on interfaces added by
b41 updates
- S8172252: Remove over-zealous switch to for-each loop in
SortingFocusTraversalPolicy
* Backports
- S6974985, PR3276: Java2Demo threw exceptions when xrender
enabled in OEL5.5
- S6985593, PR3276: Crash in
Java_sun_java2d_loops_MaskBlit_MaskBlit on oel5.5-x64
* Bug fixes
- PR3174: systemtap: type definition \'symbolOopDesc\' not found
- PR3175: invalid zip timestamp handling leads to error updating
JAR files
- PR3213: Disable ARM32 JIT by default
- PR3275: Update generated files after OpenJDK 6 b41 update
- Modified patch:
* openjdk-6-src-b17-no-efect.patch
* icedtea6-1.13.11-aarch64.patch -> icedtea6-1.13.13-aarch64.patch
- rediff to change in context
Thu Aug 25 14:00:00 2016 fstrbaAATTsuse.com
- Updated to 1.13.12
* Security fixes
- S8079718, CVE-2016-3458: IIOP Input Stream Hooking
- S8145446, CVE-2016-3485: Perfect pipe placement (Windows only)
- S8147771: Construction of static protection domains under
Javax custom policy
- S8148872, CVE-2016-3500: Complete name checking
- S8149962, CVE-2016-3508: Better delineation of XML processing
- S8150752: Share Class Data
- S8151925: Font reference improvements
- S8152479, CVE-2016-3550: Coded byte streams
- S8155981, CVE-2016-3606: Bolster bytecode verification
* Import of OpenJDK6 b40
- S6496269: Many warnings generated from
com/sun/java/util/jar/pack/
*.cpp when compiled on Linux
- S6522789: [zh_CN] translation of \"enclosing class\" in doclet
is incorrect
- S6575373: Error verifying signatures of pack200 files in some
cases [TEST ONLY]
- S6579775: l10n update after 6212566
- S6600143: Remove another 450 unnecessary casts
- S6611629: Avoid hardcoded cygwin paths for memory detection
- S6690018: RSAClientKeyExchange NullPointerException
- S6712743: pack200: should default to 150.7 pack format for
classfiles without any classes.
- S6714842: CertPathBuilder returns incorrect CertPath for
BasicConstraints in builderParams
- S6726309: Compiler warnings in nio code
- S6727683: Cleanup use of COMPILER_WARNINGS_FATAL in makefiles
- S6755847: (launcher) will trigger assertions in debug build
- S6852744: PIT b61: PKI test suite fails because self signed
certificates are being rejected
- S6858127: Missing -DNDEBUG on Linux and Windows native code
compiles
- S6864028: Update the java launcher to use the new entry point
JVM_FindClassFromBootLoader
- S6875904: Java 7 message synchronization 1
- S6882437: CertPath/X509CertPathDiscovery/Test fails on
jdk7/pit/b62
- S6888127: java.util.jar.Pack200.Packer Memory Leak
- S6888925: SunMSCAPI\'s Cipher can\'t use RSA public keys
obtained from other sources.
- S6889552: Sun provider should not require LDAP CertStore to be
present
- S6941936: Broken pipe error of test case DNSIdentities.java
[Test only]
- S6951599: Rename package of security tools for modularization
- S6953295: Move few sun.security.{util, x509, pkcs} classes
used by keytool/jarsigner to another package
- S6958026: Problem with PKCS12 keystore
- S6966737: (pack200) the pack200 regression tests need to be
more robust.
- S6982312: (pack200) pack200 fails with the jdk7 class files
- S6985763: Pack200.Packer.pack(...) and
Pack200.Unpacker.unpack(...) throw unspecified exceptions
- S6990106: FindBugs scan - Malicious code vulnerability
Warnings in com.sun.java.util.jar.pack.
*
- S6994413: JDK_GetVersionInfo0 only expects a two digit build
number
- S7000752: Duplicate entry in RowSetResourceBundles.properties
- S7001094: Can\'t initialize SunPKCS11 more times than PKCS11
driver maxSessionCount
- S7003227: (pack200) intermittent failures compiling pack200
- S7004706: l10n of 7000752 Duplicate entry in
RowSetResourceBundles.properties
- S7006704: (pack200) add missing file for 6990106
- S7011497: Improve trust anchor searching method during cert
path validation
- S7017734: jdk7 message drop 1 translation integration
- S7023416: (pack200) fix parfait issues
- S7029680: fix test/sun/misc/Version/Version.java build parsing
- S7038175: Expired PKITS certificates causing CertPathBuilder
and CertPathValidator regression test failures
- S7050826, PR2956, RH1334465: Hebrew characters are not
rendered on OEL 5.6
- S7055363: jdk_security3 test target cleanup
- S7060849: Eliminate pack200 build warnings
- S7064075: Security libraries don\'t build with
javac -Xlint:all,-deprecation -Werror
- S7081817: test/sun/security/provider/certpath/X509CertPath/IllegalCertiticates.java
failing
- S7092825: javax.crypto.Cipher.Transform.patternCache is
synchronizedMap and became scalability bottleneck.
- S7105780: Add SSLSocket client/SSLEngine server to templates
directory
- S7107613: scalability blocker in javax.crypto.CryptoPermissions
- S7107616: scalability blocker in javax.crypto.JceSecurityManager
- S7109274: Restrict the use of certificates with RSA keys less
than 1024 bits
- S7129083: CookieManager does not store cookies if url is read
before setting cookie manager
- S7152582: PKCS11 tests should use the NSS libraries available
in the OS
- S7166955: (pack200) JNI_GetCreatedJavaVMs needs additional
checking
- S7196855: autotest.sh fails on ubuntu because libsoftokn.so
not found
- S7200682: TEST_BUG: keytool/autotest.sh still has problems
with libsoftokn.so
- S8002306: (se) Selector.open fails if invoked with thread
interrupt status set [win]
- S8009634: TEST_BUG: sun/misc/Version/Version.java handle 2
digit minor in VM version
- S8010166: TEST_BUG: fix for 8009634 overlooks possible version
strings (sun/misc/Version/Version.java)
- S8013228: Create new system properties to control allowable
OCSP clock skew and CRL connection timeout
- S8019341: Update CookieHttpsClientTest to use the newer
framework.
- S8022228: Intermittent test failures in
sun/security/ssl/javax/net/ssl/NewAPIs
- S8022594: Potential deadlock in
of
sun.nio.ch.Util/IOUtil
- S8023546: sun/security/mscapi/ShortRSAKey1024.sh fails
intermittently
- S8026794: Test tools/pack200/TimeStamp.java fails while
opening golden.jar.native.IST on linux-ppc(v2)
- S8027026: Change keytool -genkeypair to use -keyalg RSA
- S8029177: [Parfait] warnings from b117 for
jdk.src.share.native.com.sun.java.util.jar: JNI exception
pending
- S8029646: [pack200] should support the new zip64 format.
- S8036612: [parfait] JNI exception pending in
jdk/src/windows/native/sun/security/mscapi/security.cpp
- S8037557: test SessionCacheSizeTests.java timeout
- S8074839: Resolve disabled warnings for libunpack and the
unpack200 binary
- S8079410: Hotspot version to share the same update and build
version from JDK
- S8130735: javax.swing.TimerQueue: timer fires late when
another timer starts
- S8139436: sun.security.mscapi.KeyStore might load incomplete
data
- S8140344: add support for 3 digit update release numbers
- S8144313: Test SessionTimeOutTests can be timeout
- S8145017: Add support for 3 digit hotspot minor version numbers
- S8146387: Test SSLSession/SessionCacheSizeTests socket accept
timed out
- S8146669: Test SessionTimeOutTests fails intermittently
- S8146993: Several javax/management/remote/mandatory regression
tests fail after JDK-8138811
- S8147857: [TEST] RMIConnector logs attribute names incorrectly
- S8151841, PR3099: Build needs additional flags to compile with
GCC 6
- S8151876: (tz) Support tzdata2016d
- S8161262: Fix jdk build with gcc 4.1.2: -fno-strict-overflow
not known.
- S8162344: The API changes made by CR 7064075 need to be
reverted
- S8162818: Sync src/share/native/com/sun/media code with
OpenJDK 7
- S8162828: Sync imageioJPEG.c with initial OpenJDK 7 version
- S8163022, PR2954: Remove AATTOverride annotation on interfaces
added by 2016/04 security fixes
- S8164181: Remove AATTOverride annotation on interfaces added by
2016/07 security fixes
- S8164426: Normalise whitespace in
src/share/classes/com/sun/java/util/jar/pack
- S8164554: test/sun/security/provider/certpath/X509CertPath/IllegalCertiticates.java
still failing
- S8164555: pack200: Leave ZipFile open on exceptions
* Backports
- S2178143, PR2959: JVM crashes if the number of bound CPUs
changed during runtime
- S6260348, PR3068: GTK+ L&F JTextComponent not respecting
desktop caret blink rate
- S6961123, PR2975: setWMClass fails to null-terminate WM_CLASS
string
* Bug fixes
- PR2800: Files are missing from resources.jar
- PR2954: ecj/override.patch is missing new AATTOverrides in
RMIJRMPServerImpl.java
- PR2961: Latest security update broke bundled LCMS2 build
- PR2962: System default check doesn\'t match all GNU/Linux
systems
- PR2969: ENABLE_SYSTEM_LCMS is not defined if ENABLE_LCMS2
is not set
- PR3092: SystemTap is heavily confused by multiple JDKs
- PR3117: Add tests for Java debug info and source files
- PR3129: pax-mark-vm script calls \"exit -1\" which is invalid
in dash
- PR3130: Avoid giving PAX_COMMAND a value if no PaX utility is
available
- PR3132: PaX marking fails on filesystems which don\'t support
extended attributes
- PR3137: GTKLookAndFeel does not honor
gtk-alternative-button-order
- PR3140: Pass $(CC) and $(CXX) to OpenJDK build
- PR3142: Don\'t assume system mime.types supports
text/x-java-source
- PR3144: Test subdirectory of build tree not emptied
Tue 10 May 07:17:51 UTC 2016 - fstrbaAATTsuse.com
- Updated to 1.13.11
* Security fixes
- S8129952, CVE-2016-0686: Ensure thread consistency
- S8132051, CVE-2016-0687: Better byte behavior
- S8138593, CVE-2016-0695: Make DSA more fair
- S8139008: Better state table management
- S8143167, CVE-2016-3425: Better buffering of XML strings
- S8144430, CVE-2016-3427: Improve JMX connections
- S8146494: Better ligature substitution
- S8146498: Better device table adjustments
* Import of OpenJDK6 b39
- S4459600: java -jar fails to run Main-Class if classname
followed by whitespace.
- S6378099: RFE: Use libfontconfig to create/synthesise a
fontconfig.properties
- S6452854: Provide a flag to print the java configuration
- S6742159: (launcher) improve the java launching mechanism
- S6752622: java.awt.Font.getPeer throws
\"java.lang.InternalError: Not implemented\" on Linux
- S6758881: (launcher) needs to throw NoClassDefFoundError
instead of JavaRuntimeException
- S6856415: Enabling java security manager will make program
thrown wrong exception ( main method not found )
- S6892493: potential memory leaks in 2D font code indentified
by parfait.
- S6925851: Localize JRE into pt_BR (corba)
- S6968053: (launcher) hide exceptions under certain launcher
failures
- S6977738: Deadlock between java.lang.ClassLoader and
java.util.Properties
- S6981001: (launcher) EnsureJREInstallation is not being called
in order
- S7017734: jdk7 message drop 1 translation integration
- S7026184: (launcher) Regression: class with unicode name can\'t
be launched by java.
- S7104161: test/sun/tools/jinfo/Basic.sh fails on Ubuntu
- S7125442: jar application located in two bytes character named
folder cannot be run with JRE 7 u1/u2
- S7127906: (launcher) convert the launcher regression tests to
java
- S7141141: Add 3 new test scenarios for testing Main-Class
attribute in jar manifest file
- S7158988: jvm crashes while debugging on x86_32 and x86_64
- S7189944: (launcher) test/tools/launcher/Arrrrghs.java needs a
couple of minor fixes
- S7193318: C2: remove number of inputs requirement from Node\'s
new operator
- S8002116: This JdbReadTwiceTest.sh gets an exit 1
- S8004007: test/sun/tools/jinfo/Basic.sh fails on when runSA is
set to true
- S8023990: Regression: postscript size increase from 6u18
- S8027705: com/sun/jdi/JdbMethodExitTest.sh fails when a
background thread is generating events.
- S8028537: PPC64: Updated the JDK regression tests to run on AIX
- S8036132: Tab characters in test/com/sun/jdi files
- S8038963: com/sun/jdi tests fail because cygwin\'s ps sometimes
misses processes
- S8044419: TEST_BUG: com/sun/jdi/JdbReadTwiceTest.sh fails when
run under root
- S8059661: Test SoftReference and OOM behavior
- S8067364: Printing to Postscript doesn\'t support dieresis
- S8072753: Nondeterministic wrong answer on arithmetic
- S8073735: [TEST_BUG] compiler/loopopts/CountedLoopProblem.java
got OOME
- S8074146: [TEST_BUG] jdb has succeded to read an unreadable
file
- S8075584: test for 8067364 depends on hardwired text advance
- S8134297: NPE in GSSNameElement nameType check
- S8134650: Xsl transformation gives different results in 8u66
- S8141229: [Parfait] Null pointer dereference in cmsstrcasecmp
of cmserr.c
- S8143002: [Parfait] JNI exception pending in fontpath.c:1300
- S8146477: [TEST_BUG] ClientJSSEServerJSSE.java failing again
- S8146967: [TEST_BUG] javax/security/auth/SubjectDomainCombiner/Optimize.java
should use 4-args ProtectionDomain constructor
- S8147567: InterpreterRuntime::post_field_access not updated
for boolean in JDK-8132051
- S8148446: (tz) Support tzdata2016a
- S8148475: Missing SA Bytecode updates.
- S8149170: Better byte behavior for native arguments
- S8149367: PolicyQualifierInfo/index_Ctor JCk test fails with
IOE: Invalid encoding for PolicyQualifierInfo
- S8150012: Better byte behavior for reflection
- S8150790: 8u75 L10n resource file translation update
- S8154210: Zero: Better byte behaviour
- S8155261: Zero broken since HS23 update
- S8155699: Resolve issues created by backports in OpenJDK 6 b39
- S8155746: Sync Windows export list in make/java/jli/Makefile
with make/java/jli/mapfile-vers
* Backports
- S6863746, PR2951: javap should not scan ct.sym by default
- S8071705, PR2820, RH1182694: Java application menu misbehaves
when running multiple screen stacked vertically
- S8150954, PR2868, RH1176206: AWT Robot not compatible with
GNOME Shell
* Bug fixes
- PR2887: Location of \'stap\' executable is hard-coded
- PR2890: OpenJDK should check for system cacerts database (e.g.
/etc/pki/java/cacerts)
- PR2952: test/tapset/jstaptest.pl requires Perl
- PR2953: make dist fails after PR2887 made jstaptest.pl
auto-generated
- Modified patch:
* icedtea6-1.13.7-aarch64.patch -> icedtea6-1.13.11-aarch64.patch
- Rediff to the new context
Fri Jan 22 13:00:00 2016 fstrbaAATTsuse.com
- Updated to 1.13.10
* Security fixes
- S8059054, CVE-2016-0402: Better URL processing
- S8130710, CVE-2016-0448: Better attributes processing
- S8133962, CVE-2016-0466: More general limits
- S8137060: JMX memory management improvements
- S8139012: Better font substitutions
- S8139017, CVE-2016-0483: More stable image decoding
- S8140543, CVE-2016-0494: Arrange font actions
- S8143185: Cleanup for handling proxies
- S8143941, CVE-2015-8126, CVE-2015-8472: Update splashscreen
displays
* Import of OpenJDK6 b38
- OJ69: Windows build broken after b37 changes
- OJ70: Allow versions of ALSA >= 1.1.0
- S6720721: CRL check with circular depency support needed
- S6852744: PIT b61: PKI test suite fails because self signed
certificates are being rejected [Tests only]
- S7166570: JSSE certificate validation has started to fail for
certificate chains
- S7167988: PKIX CertPathBuilder in reverse mode doesn\'t work if
more than one trust anchor is specified
- S7171223: Building ExtensionSubtables.cpp should use
- fno-strict-aliasing
- S8068761: [TEST_BUG] java/nio/channels/ServerSocketChannel/AdaptServerSocket.java
failed with SocketTimeoutException
- S8074068: Cleanup in src/share/classes/sun/security/x509/
- S8075773: jps running as root fails after the fix of
JDK-8050807
- S8081297: SSL Problem with Tomcat
- S8134605: Partial rework of the fix for 8081297
- S8135307: CompletionFailure thrown when calling FieldDoc.type,
if the field\'s type is missing
- S8138716: (tz) Support tzdata2015g
- S8141213: [Parfait]Potentially blocking function
GetArrayLength called in JNI critical region at line 239 of
jdk/src/share/native/sun/awt/image/jpeg/jpegdecoder.c in
function GET_ARRAYS
- S8141287: Add MD5 to jdk.certpath.disabledAlgorithms - Take 2
- S8142928: [TEST_BUG] sun/security/provider/certpath/ReverseBuilder/ReverseBuild.java
8u71 failure
- S8144955: Wrong changes were pushed with 8143942
- S8145551: Test failed with Crash for Improved font lookups
- S8147466: Add -fno-strict-overflow to
IndicRearrangementProcessor{,2}.cpp
* Backports
- S7169111, PR2757: Unreadable menu bar with Ambiance theme in
GTK L&F
- S8140620, PR2711: Find and load default.sf2 as the default
soundbank on Linux
Mon Nov 16 13:00:00 2015 fstrbaAATTsuse.com
- Updated to 1.13.9
* Security fixes
- S8048030, CVE-2015-4734: Expectations should be consistent
- S8068842, CVE-2015-4803: Better JAXP data handling
- S8076339, CVE-2015-4903: Better handling of remote object
invocation
- S8076383, CVE-2015-4835: Better CORBA exception handling
- S8076387, CVE-2015-4882: Better CORBA value handling
- S8076392, CVE-2015-4881: Improve IIOPInputStream consistency
- S8076413, CVE-2015-4883: Better JRMP message handling
- S8078427, CVE-2015-4842: More supportive home environment
- S8078440: Safer managed types
- S8080541: More direct property handling
- S8080688, CVE-2015-4860: Service for DGC services
- S8081760: Better group dynamics
- S8086733, CVE-2015-4893: Improve namespace handling
- S8087350: Improve array conversions
- S8103671, CVE-2015-4805: More objective stream classes
- S8103675: Better Binary searches
- S8130078, CVE-2015-4911: Document better processing
- S8130193, CVE-2015-4806: Improve HTTP connections
- S8130864: Better server identity handling
- S8130891, CVE-2015-4843: (bf) More direct buffering
- S8131291, CVE-2015-4872: Perfect parameter patterning
- S8132042, CVE-2015-4844: Preserve layout presentation
* Import of OpenJDK6 b37
- OJ64: Backport hashtable to map changes from jaxp
- OJ65: Remove AATTOverride annotation on interfaces added by
2015/10/20 security fixes
- OJ66: Revert 7110373 & 7149751 test removals now 6706974 is
present (krb5 test infrastructure)
- OJ67: Fix copyright headers on imported files
- OJ68: Ensure SharedSecrets are initialised
- S6570619: (bf) DirectByteBuffer.get/put(byte[]) does not
scale well
- S6590930: reed/write does not match for ccache
- S6648972: KDCReq.init always read padata
- S6676075: RegistryContext
(com.sun.jndi.url.rmi.rmiURLContext) coding problem
- S6682516: SPNEGO_HTTP_AUTH/WWW_KRB and
SPNEGO_HTTP_AUTH/WWW_SPNEGO failed on all non-windows platforms
- S6710360: export Kerberos session key to applications
- S6733095: Failure when SPNEGO request non-Mutual
- S6785456: Read Kerberos setting from Windows environment
variables
- S6821190: more InquireType values for ExtendedGSSContext
- S6843127: krb5 should not try to access unavailable kdc too
often
- S6844193: support max_retries in krb5.conf
- S6844907: krb5 etype order should be from strong to weak
- S6844909: support allow_weak_crypto in krb5.conf
- S6849275: enhance krb5 reg tests
- S6853328: Support OK-AS-DELEGATE flag
- S6854308: more ktab options
- S6856069: PrincipalName.clone() does not invoke super.clone()
- S6857795: krb5.conf ignored if system properties on realm and
kdc are provided
- S6857802: GSS getRemainingInitLifetime method returns
milliseconds not seconds
- S6858589: more changes to Config on system properties
- S6862679: ESC: AD Authentication with user with umlauts fails
- S6877357: IPv6 address does not work
- S6888701: Change all template java source files to a
.java-template file suffix
- S6893158: AP_REQ check should use key version number
- S6907425: JCK Kerberos tests fail since b77
- S6919610: KeyTabInputStream uses static field for per-instance
value
- S6932525: Incorrect encryption types of KDC_REQ_BODY of AS-REQ
with pre-authentication
- S6946669: SSL/Krb5 should not call EncryptedData.reset(data,
false)
- S6950546: \"ktab -d name etype\" to \"ktab -d name [-e etype]
[kvno | all | old]\"
- S6951366: kerberos login failure on win2008 with AD set to
win2000 compat mode
- S6952519: kdc_timeout is not being honoured when using TCP
- S6959292: regression: cannot login if session key and preauth
does not use the same etype
- S6960894: Better AS-REQ creation and processing
- S6966259: Make PrincipalName and Realm immutable
- S6975866: api/org_ietf/jgss/GSSContext/index.html#wrapUnwrapIOTest
started to fail since jdk7 b102
- S6984764: kerberos fails if service side keytab is generated
using JDK ktab
- S6997740: ktab entry related test compilation error
- S7018928: test failure: sun/security/krb5/auto/SSL.java
- S7032354: no-addresses should not be used on acceptor side
- S7061379: [Kerberos] Cross-realm authentication fails, due to
nameType problem
- S7142596: RMI JPRT tests are failing
- S7157610: NullPointerException occurs when parsing XML doc
- S7158329: NPE in sun.security.krb5.Credentials.acquireDefaultCreds()
- S7197159: accept different kvno if there no match
- S8004317: TestLibrary.getUnusedRandomPort() fails intermittently,
but exception not reported
- S8005226: java/rmi/transport/pinClientSocketFactory/PinClientSocketFactory.java
fails intermittently
- S8006534: CLONE - TestLibrary.getUnusedRandomPort() fails
intermittently-doesn\'t retry enough times
- S8014097: add doPrivileged methods with limited privilege
scope
- S8021191: Add isAuthorized check to limited doPrivileged
methods
- S8022213: Intermittent test failures in java/net/URLClassLoader
- S8028583: Add helper methods to test libraries
- S8028780: JDK KRB5 module throws OutOfMemoryError when CCache
is corrupt
- S8058608: JVM crash during Kerberos logins using des3-cbc-md5
on OSX
- S8064331: JavaSecurityAccess.doIntersectionPrivilege() drops
the information about the domain combiner of the stack ACC
- S8072932: Test fails with java.security.AccessControlException:
access denied (\"java.security.SecurityPermission\"
\"getDomainCombiner\")
- S8078822: 8068842 fix missed one new file
PrimeNumberSequenceGenerator.java
- S8079323: Serialization compatibility for Templates: need to
exclude Hashtable from serialization
- S8087118: Remove missing package from java.security files
- S8098547: (tz) Support tzdata2015e
- S8130253: ObjectStreamClass.getFields too restrictive
- S8133196, RH1251935: HTTPS hostname invalid issue with
InetAddress
- S8133321: (tz) Support tzdata2015f
- S8135043: ObjectStreamClass.getField(String) too restrictive
* Backports
- S6440786, PR363: Cannot create a ZIP file containing zero
entries
- S6599383, PR363: Unable to open zip files more than 2GB in
size
- S6763122, PR363: ZipFile ctor does not throw exception when
file is not a zip file
- S6929479, PR363: Add a system property
sun.zip.disableMemoryMapping to disable mmap use in ZipFile
- S7105461, PR2662: Large JTables are not rendered correctly
with Xrender pipeline
- S7150134, PR2662: JCK api/java_awt/Graphics/index.html#DrawLine fails
with OOM for jdk8 with XRender pipeline
* Bug fixes
- PR2513: Reset success following calls in LayoutManager.cpp
- Renamed file:
* generate-cleaned-zip.sh -> generate-cleaned.sh
- it is not a zip, but a tarball
Tue Aug 18 14:00:00 2015 fstrbaAATTsuse.com
- Updated to 1.13.8
* Security fixes
- S8043202, CVE-2015-2808: Prohibit RC4 cipher suites
- S8067694, CVE-2015-2625: Improved certification checking
- S8071715, CVE-2015-4760: Tune font layout engine
- S8071731: Better scaling for C1
- S8072490: Better font morphing redux
- S8072887: Better font handling improvements
- S8073334: Improved font substitutions
- S8073773: Presume path preparedness
- S8073894: Getting to the root of certificate chains
- S8074330: Set font anchors more solidly
- S8074335: Substitute for substitution formats
- S8074865, CVE-2015-2601: General crypto resilience changes
- S8074871: Adjust device table handling
- S8075374, CVE-2015-4748: Responding to OCSP responses
- S8075378, CVE-2015-4749: JNDI DnsClient Exception Handling
- S8075738: Better multi-JVM sharing
- S8075838: Method for typing MethodTypes
- S8075853, CVE-2015-2621: Proxy for MBean proxies
- S8076328, CVE-2015-4000: Enforce key exchange constraints
- S8076376, CVE-2015-2628: Enhance IIOP operations
- S8076397, CVE-2015-4731: Better MBean connections
- S8076401, CVE-2015-2590: Serialize OIS data
- S8076405, CVE-2015-4732: Improve serial serialization
- S8076409, CVE-2015-4733: Reinforce RMI framework
- S8077520, CVE-2015-2632: Morph tables into improved form
- PR2488, CVE-2015-4000: Make jdk8 mode the default for
jdk.tls.ephemeralDHKeySize
* Import of OpenJDK6 b36
- OJ58: Allow OpenJDK to build on PaX-enabled kernels
- OJ59: Only apply PaX-marking when needed by a running PaX
kernel
- OJ60, PR2484: Disable export ciphers by default
- OJ61: Remove translation strings for
ErrorMsg.JAXP_INVALID_ATTR_VALUE_ERR which doesn\'t exist in
OpenJDK 6
- OJ62, PR2552: Restrict key size of RSA certificates to >= 1024
- OJ63: Remove AATTOverride annotation on interfaces added by
2015/07/14 security fixes.
- S6787645: CRL validation code should permit some clock skew
when checking validity of CRLs
- S6996365: Evaluate the priorities of cipher suites
- S7185471: Avoid key expansion when AES cipher is re-init w/
the same key
- S8007142: Add utility classes for writing better multiprocess
tests in jtreg
- S8008089: Delete OS dependent check in JdkFinder.getExecutable()
- S8024861: Incomplete token triggers GSS-API
NullPointerException
- S8027058: sun/management/jmxremote/bootstrap/RmiBootstrapTest.sh
Failed to initialize connector
- S8036786: Update jdk7 testlibrary to match jdk8
- S8042205: javax/management/monitor/
*: some tests didn\'t get
all the notifications
- S8042982: Unexpected RuntimeExceptions being thrown by SSLEngine
- S8043200, PR2485: Decrease the preference mode of RC4 in the
enabled cipher suite list
- S8043201: Deprecate RC4 in SunJSSE provider
- S8046817: JDK 8 schemagen tool does not generate xsd files for
enum types
- S8048194: GSSContext.acceptSecContext fails when a supported
mech is not initiator preferred
- S8050158: Introduce system property to maintain RC4 preference
order
- S8062923: XSL: Run-time internal error in \'substring()\'
- S8062924: XSL: wrong answer from substring() function
- S8064546: CipherInputStream throws BadPaddingException if
stream is not fully read
- S8065764: javax/management/monitor/CounterMonitorTest.java
hangs
- S8066952: [TEST-BUG] javax/management/monitor/CounterMonitorTest.java
hangs
- S8073357: schema1.xsd has wrong content. Sequence of the enum
values has been changed
- S8073385: Bad error message on parsing illegal character in
XML attribute
- S8074098: 2D_Font/Bug8067699 test fails with SIGBUS crash on
Solaris Sparc
- S8074297: substring in XSLT returns wrong character if string
contains supplementary chars
- S8075575: com/sun/security/auth/login/ConfigFile/InconsistentError.java
failed in certain env.
- S8075576: com/sun/security/auth/module/KeyStoreLoginModule/OptionTest.java
failed in certain env.
- S8075667: (tz) Support tzdata2015b
- S8076290: JCK test api/xsl/conf/string/string17 starts failing
after JDK-8074297
- S8077685: (tz) Support tzdata2015d
- S8078348: sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java
fails with BindException
- S8078439: SPNEGO auth fails if client proposes MS krb5 OID
- S8078666, PR2327: JVM fastdebug build compiled with GCC 5
asserts with \"widen increases\"
- S8080318: jdk8u51 l10n resource file translation update
- S8081386: Test sun/management/jmxremote/bootstrap/RmiSslBootstrapTest.sh
test has RC4 dependencies
- S8081775: two lib/testlibrary tests are failing with \"Error.
failed to clean up files after test\" with jtreg 4.1 b12
* Backports
- S4890063, PR2306, RH1214835: HPROF: default text truncated when
using doe=n option
- S6562614, PR2555: Compiler warnings for gettimeofday in
Inet4/Inet6AddressImpl.c
- S6956398, PR2486: make ephemeral DH key match the length of
the certificate key
- S6989466, PR2555: Miscellaneous compiler warnings in
java/lang, java/util, java/io, sun/misc native code
- S6991580, PR2309: IPv6 Nameservers in resolv.conf throws
NumberFormatException
- S6997561, PR2479: A request for better error handling in JNDI
- S7007905, PR2298: javazic produces wrong line numbers
- S7017176, PR2479: Several JNDI tests are mssing GPL header
- S7058708, PR2298: Eliminate JDK build tools build warnings
- S7069870, PR2298: Parts of the JDK erroneously rely on
generic array initializers with diamond
- S7090844, PR2298: Support a timezone whose offset is changed
more than once in the future
- S7094377, PR2479: Com.sun.jndi.ldap.read.timeout doesn\'t work
with ldaps.
- S7133138, PR2298: Improve io performance around timezone lookups
- S7170638, PR2495: Use DTRACE_PROBE[N] in JNI Set and SetStatic
Field.
- S8000487, PR2479: Java JNDI connection library on ldap conn is
not honoring configured timeout
- S8011709, PR2510: [parfait] False positive: memory leak in
jdk/src/share/native/sun/font/layout/CanonShaping.cpp
- S8023052, PR2510: JVM crash in native layout
- S8039921, PR2468: SHA1WithDSA with key > 1024 bits not working
- S8041451, PR2480: com.sun.jndi.ldap.Connection:ReadTimeout
should abandon ldap request
- S8042855, PR2510: [parfait] Potential null pointer dereference
in IndicLayoutEngine.cpp
- S8042857, PR2479: 14 stuck threads waiting for notification on
LDAPRequest
- S8065238, PR2479: javax.naming.NamingException after upgrade
to JDK 8
- S8074761, PR2469: Empty optional parameters of LDAP query are
not interpreted as empty
- S8078654, PR2334: CloseTTFontFileFunc callback should be removed
- S8081315, PR2406: Avoid giflib interlacing workaround with
giflib 5.0.0 on
- S8081475, PR2495: SystemTap does not work when JDK is compiled
with GCC 5
- S8087120, RH1206656, PR2554: [GCC5] java.lang.StackOverflowError
on Zero JVM initialization on non x86 platforms.
* Bug fixes
- PR2319: Checksum of policy JAR files changes on every build
- PR2340: Fail early if there is no native HotSpot JIT & all
other options are disabled
- PR2342: Update README & INSTALL files
- PR2360: Ensure all stamp targets have aliases
- PR2391: Make elliptic curve removal optional
- PR2460: Policy JAR files should be timestamped with the date
of the policy file they hold
- PR2481, RH489586, RH1236619: OpenJDK can\'t handle spaces in
zone names in /etc/sysconfig/clock
- PR2486: JSSE server is still limited to 768-bit DHE
- PR2508, G541462: Only apply PaX markings by default on running
PaX kernels
- PR2556, G390663: Update Gentoo font configuration and allow
font directory to be specified
- PR2559: generated directory gets confused with generated alias
- PR2565: Replace ipv4-mapped-ipv6-addresses.patch with upstream
fix 6882910
* CACAO
- PR829: Raise javadoc and JAVAC_FLAGS memory limits for CACAO
* JamVM
- PR2522: Add executable stack markings to callNative.S on JamVM
- Removed patches
* signed-overflow.patch, signed-overflow-ecj.patch
* zero-dummy.patch, zero-dummy-ecj.patch
* implicit-fortify-decl.patch, implicit-fortify-decl-ecj.patch
- Included within icedtea 1.13.8
Thu Jun 18 14:00:00 2015 tchvatalAATTsuse.com
- Use priority matching to ibm-java, always 5 bigger than it
Tue Jun 16 14:00:00 2015 fstrbaAATTsuse.com
- Added patches:
* signed-overflow.patch, signed-overflow-ecj.patch
- Fix OOM in hotspot when built with gcc5
* zero-dummy.patch, zero-dummy-ecj.patch
- Fix crash with gcc5 built ZERO JVM
* implicit-fortify-decl.patch, implicit-fortify-decl-ecj.patch
- Fix implicit-fortify-decl rpmlint error
Wed Apr 15 14:00:00 2015 fstrbaAATTsuse.com
- Update to 1.13.7
* Security fixes
- S8059064: Better G1 log caching
- S8060461: Fix for JDK-8042609 uncovers additional issue
- S8064601, CVE-2015-0480: Improve jar file handling
- S8065286: Fewer subtable substitutions
- S8065291: Improved font lookups
- S8066479: Better certificate chain validation
- S8067050: Better font consistency checking
- S8067684: Better font substitutions
- S8067699, CVE-2015-0469: Better glyph storage
- S8068320, CVE-2015-0477: Limit applet requests
- S8068720, CVE-2015-0488: Better certificate options checking
- S8069198: Upgrade image library
- S8071726, CVE-2015-0478: Better RSA optimizations
- S8071818: Better vectorization on SPARC
- S8071931, CVE-2015-0460: Return of the phantom menace
* Import of OpenJDK6 b35
- OJ55: Synchronise whitespace in TimeZoneNames files with
OpenJDK 7 versions.
- OJ56: Update 3rd party readme and license for LibPNG v 1.6.16
- OJ57: Remove mistakenly added patching fragment
- S6672144: HttpURLConnection.getInputStream sends POST request
after failed chunked
- S6989721: awt native code compiler warnings
- S7088287: libpng need to be updated.
- S7090424: TestGlyphVectorLayout failed automately with
java.lang.StackOverflowError
- S7170655: Frame size does not follow font size change with
XToolkit
- S7176479: G1: JVM crashes on T5-8 system with 1.5 TB heap
- S8019623: Lack of synchronization in
AppContext.getAppContext()
- S8040790: [TEST_BUG] tools/javac/innerClassFile/Driver.sh
fails to cleanup files after it
- S8043123: Hard crash with access violation exception when
blitting to very large image
- S8051359: JPopupMenu creation in headless mode with JDK9b23
causes NPE
- S8064454: [TEST_BUG] Test tools/javac/innerClassFile/Driver.sh
fails for Mac and Linux
- S8065072: sun/net/www/http/HttpClient/StreamingRetry.java
failed intermittently
- S8065709: Deadlock in awt/logging apparently introduced by
8019623
- S8072042: (tz) Support tzdata2015a
- S8074662: Update 3rd party readme and license for LibPNG v
1.6.16
- S8075211: [TEST_BUG] Test
sun/net/www/http/HttpClient/StreamingRetry.java fails with
compilation error
* Backports
- S6584008, PR2195, RH1173326: jvmtiStringPrimitiveCallback
should not be invoked when string value is null
- S7199862, PR2198: Make sure that a connection is still alive
when retrieved from KeepAliveCache in certain cases
- S8074312, PR2255: Enable hotspot builds on Linux 4.x
* Bug fixes
- PR2197: jhat man page has broken URL
- PR2201: Support giflib 5.1.0
- PR2211: DGifCloseFile call should check the return value, not
the error code, for failure
- PR2226: giflib 5.1 conditional excludes 6.0, 7.0, etc.
- PR2294: Auto-generated jconsole.desktop and
policytool.desktop should not be included in release tarball
- Remove upstreamed patch:
* system-giflib51.patch
- Remove patch:
* icedtea6-1.13.6-aarch64.patch
- Replaced by added
* icedtea6-1.13.7-aarch64.patch
Mon Jan 26 13:00:00 2015 fstrbaAATTsuse.com
- Added patch:
* icedtea6-1.13.6-aarch64.patch
- restore and rediff a patch that is not yet integrated upstream
Mon Jan 26 13:00:00 2015 fstrbaAATTsuse.com
- Update to 1.13.6
* Security fixes
- S8046656: Update protocol support
- S8047125, CVE-2015-0395: (ref) More phantom object references
- S8047130: Fewer escapes from escape analysis
- S8048035, CVE-2015-0400: Ensure proper proxy protocols
- S8049253: Better GC validation
- S8050807, CVE-2015-0383: Better performing performance data
handling
- S8054367, CVE-2015-0412: More references for endpoints
- S8055304, CVE-2015-0407: More boxing for
DirectoryComboBoxModel
- S8055309, CVE-2015-0408: RMI needs better transportation
considerations
- S8055479: TLAB stability
- S8055489, CVE-2014-6585: Better substitution formats
- S8056264, CVE-2014-6587: Multicast support improvements
- S8056276, CVE-2014-6591: Fontmanager feature improvements
- S8057555, CVE-2014-6593: Less cryptic cipher suite management
- S8058982, CVE-2014-6601: Better verification of an exceptional
invokespecial
- S8059485, CVE-2015-0410: Resolve parsing ambiguity
- S8061210, CVE-2014-3566: Issues in TLS
* Import of OpenJDK6 b34
- OJ43: Backport JAX_WS-945; Socket backlog may be limiting
lwhs performance
- OJ44: Add missing TimeZone test cases included in OpenJDK 7
revision 0.
- OJ45: Fix copyright headers on imported files
- OJ46: Fix lost Classpath exception
- OJ47: Remove AATTOverride annotation on interfaces added by
2015/01/20 security fixes.
- OJ48: Fix substitution error.
- OJ49: Fix placement of 8023956 fix.
- OJ50: Fix reference to missing pd_attempt_reserve_memory_at
- S4873188: Support TLS 1.1
- S6364329: jstat displays \"invalid argument count\" with usage
- S6461635: [TESTBUG] BasicTests.sh test fails intermittently
- S6507067: TimeZone country/area message error
- S6545422: [TESTBUG] NativeErrors.java uses wrong path name in exec
- S6578647: Undefined requesting URL in
java.net.Authenticator.getPasswordAuthentication()
- S6585666: Spanish language names not compliant with CLDR
- S6587676: Krb5LoginModule failure if useTicketCache=true on
Vista
- S6608572: Currency change for Malta and Cyprus
- S6610748: Dateformat - AM-PM indicator in Finnish appears to
be from English
- S6627549: ISO 3166 code addition: Saint Barthelemy and Saint
Martin
- S6631048: Problem when writing on output stream of
HttpURLConnection
- S6641309: Wrong Cookie separator used in HttpURLConnection
- S6641312: Fix krb5 codes indentation problems
- S6645271: Wrong date format for Croatian (hr) locale
- S6646611: Incorrect spelling of month name in locale for
Belarusian language (\"be\", \"BY\")
- S6647452: Remove obfuscation, framework and provider
self-verification checking
- S6653795: C2 intrinsic for Unsafe.getAddress performs pointer
sign extension on 32-bit systems
- S6659779: HttpURLConnections logger should log tunnel requests
- S6670362: HTTP/SPNEGO should work across realms
- S6716626: Integrate contributed language and country names
for NL
- S6720866: Slow performance using HttpURLConnection for
upload
- S6726695: HttpURLConnection shoul support \'Expect:
100-continue\' headers for PUT
- S6729881: Compiler warning in networking native code
- S6765491: Krb5LoginModule a little too restrictive, and the
doc is not clear.
- S6776102: sun/util/resources/TimeZone/Bug6317929.java test
failed against 6u12b01 and passed against 6u11b03
- S6786276: Locale.getISOCountries() still contains country
code \"CS\"
- S6792180: Enhance to reject weak algorithms or conform to
crypto recommendations
- S6811297: Add more logging to HTTP protocol handler
- S6822460: support self-issued certificate
- S6830658: Changeset 67e5d3e41b5b breaks the fastdebug build
in NativeCreds.c
- S6835668: Use of /usr/include/linux/ files creates a
dependence on kernel-headers
- S6855297: Windows build breaks after 6811297
- S6856856: NPE in HTTP protocol handler logging
- S6868106: Ukrainian currency has wrong format
- S6870908: reopen bug 4244752: month names in Estonian should
be lowercase
- S6873931: New Turkish currency since 2009
- S6882594: Remove static dependancy on NTLM authentication
- S6899503: Security code issue using Verisign root certificate
- S6910489: Slovenia Locale, wrong firstDayOfWeek number
- S6911104: Tests do not work with CYGWIN: tools, sun/tools,
and com/sun/tools
- S6914413: abbreviation name for November is not correct in
be_BY
- S6916787: Ukrainian currency name needs to be fixed
- S6919624: minimalDaysInFirstWeek ressource for hungarian is
wrong
- S6931564: Incorrect display name of Locale for south africa
- S6931566: NetworkInterface is not working when interface name
is more than 15 characters long
- S6938454: 2 new testcases for bug: Unable to determine
generic type in program that compiles under Java 6
- S6938454: Unable to determine generic type in program that
compiles under Java 6
- S6945604: wrong error message in CardImpl.java
- S6962617: Testcase changes, cleanup of problem list for
jdk_tools targets
- S6964714: NetworkInterface getInetAddresses enumerates IPv6
addresses if java.net.preferIPvStack property set
- S6967937: Scope id no longer being set after 6931566
- S6972374: NetworkInterface.getNetworkInterfaces throws
\"java.net.SocketException\" on Solaris zone
- S6976117: SSLContext.getInstance(\"TLSv1.1\") returns
SSLEngines/SSLSockets without TLSv1.1 enabled
- S7001720: copyright templates not rebranded
- S7019267: Currency Display Names are not localized into pt_BR
- S7020583: Some currency names are missing in some locales
- S7020960: CurrencyNames_sr_RS.properties is missing
- S7022269: clean up fscanf usage in Linux networking native
code
- S7025837: fix plural currency display names in
sr_Latn_(BA|ME|RS).properties
- S7028073: The currency symbol for Peru is wrong
- S7035555: 4/4 attach/BasicTests.sh needs another tweak for
Cygwin
- S7036025: java.security.AccessControlException when creating
JFileChooser in signed applet
- S7036905: [de] dem - the german mark display name is incorrect
- S7047033: (smartcardio) Card.disconnect(boolean reset) does
not reset when reset is true
- S7066203: Update currency data to the latest ISO 4217 standard
- S7077119: remove past transition dates from
CurrencyData.properties file
- S7085757: Currency Data: ISO 4217 Amendment 152
- S7122142, RH1151372: (ann) Race condition between
isAnnotationPresent and getAnnotations
- S7153184: NullPointerException when calling
SSLEngineImpl.getSupportedCipherSuites
- S7161796, RH1151372: PhaseStringOpts::fetch_static_field
tries to fetch field from the Klass instead of the mirror
- S7171028: dots are missed in the datetime for Slovanian
- S7174244: NPE in Krb5ProxyImpl.getServerKeys()
- S7185456: (ann) Optimize Annotation handling in
java/sun.reflect.
* code for small number of annotations
- S7189611: Venezuela current Currency should be Bs.F.
- S7195759: ISO 4217 Amendment 154
- S7199066: Typo in method name
- S7201205: Add Makefile configuration option to build with
unlimited crypto in OpenJDK.
- S8005232: (JEP-149) Class Instance size reduction
- S8006748: getISO3Country() returns wrong value
- S8013836: getFirstDayOfWeek reports wrong day for pt-BR locale
- S8015421: NegativeArraySizeException occurs in
ChunkedOutputStream() with Integer.MAX_VALUE
- S8015570: Use long comparison in Rule.getRules()
- S8021121: ISO 4217 Amendment Number 156
- S8021372: NetworkInterface.getNetworkInterfaces() returns
duplicate hardware address
- S8022721: TEST_BUG: AnnotationTypeDeadlockTest.java throws
java.lang.IllegalStateException: unexpected condition
- S8023956: Provide a work-around to broken Linux 32 bit \"Exec
Shield\" using CS for NX emulation (crashing with SI_KERNEL)
- S8025051: Update resource files for TimeZone display names
- S8026772: test/sun/util/resources/TimeZone/Bug6317929.java
failing
- S8027359: XML parser returns incorrect parsing results
- S8027370: Support tzdata2013h
- S8027695: There should be a space before % sign in Swedish
locale
- S8028627: Unsynchronized code path from javax.crypto.Cipher
to the WeakHashMap used by JceSecurity to store codebase
mappings
- S8028726: (prefs) Check src/solaris/native/java/util/FileSystemPreferences.c
for JNI pending exceptions
- S8029153: [TESTBUG] test/compiler/7141637/SpreadNullArg.java
fails because it expects NullPointerException
- S8029318: Native Windows ccache still reads DES tickets
- S8030822: (tz) Support tzdata2013i
- S8031046: Native Windows ccache might still get unsupported
ticket
- S8032788: ImageIcon constructor throws an NPE and hangs when
passed a null String parameter
- S8032909: XSLT string-length returns incorrect length when
string includes complementary chars
- S8035613: With active Securitymanager JAXBContext.newInstance
fails
- S8037012: (tz) Support tzdata2014a
- S8038306: (tz) Support tzdata2014b
- S8040617: [macosx] Large JTable cell results in a
OutOfMemoryException
- S8041990: [macosx] Language specific keys does not work in
applets when opened outside the browser
- S8043012: (tz) Support tzdata2014c
- S8046343: (smartcardio) CardTerminal.connect(\'direct\') does
not work on MacOSX
- S8049250: Need a flag to invert the Card.disconnect(reset)
argument
- S8049343: (tz) Support tzdata2014g
- S8050485: super() in a try block in a ctor causes VerifyError
- S8051012: Regression in verifier for method call from
inside of a branch
- S8051614: smartcardio TCK tests fail due to lack of \'reset\'
permission
- S8054367: More references for endpoints
- S8055222: Currency update needed for ISO 4217 Amendment #159
- S8056211: api/java_awt/Event/InputMethodEvent/serial/index.html#Input[serial2002]
failure
- S8058715: stability issues when being launched as an embedded
JVM via JNI
- S8059206: (tz) Support tzdata2014i
- S8060474: Resolve more parsing ambiguity
- S8061826: Part of JDK-8060474 should be reverted
- S8062561: Test bug8055304 fails if file system default
directory has read access
- S8062807: Exporting RMI objects fails when run under
restrictive SecurityManager
- S8064560: (tz) Support tzdata2014j
* Backports
- OJ51, PR2187: Sync patch for 4873188 with 7 version
- OJ52, PR2185: Application of 6786276 introduces compatibility
issue
- OJ53, PR2181: strict-aliasing warnings issued on PPC32
- OJ54, PR2182: 6911104 reintroduces test fragment removed in
existing 6964018 backport
- S6730740, PR2186: Fix for 6729881 has apparently broken
several 64 bit tests: \"Bad address\"
- S7031830, PR2183: bad_record_mac failure on TLSv1.2 enabled
connection with SSLEngine
- S8000897, PR2173, RH1155012: VM crash in CompileBroker
- S8020190, PR2174, RH1176718: Fatal: Bug in native code:
jfieldID must match object
- S8028623, PR2177, RH1168693: SA: hash codes in SymbolTable
mismatching java_lang_String::hash_code for extended characters
- S8061785, PR2177: [TEST_BUG] serviceability/sa/jmap-hashcode/Test8028623.java
has utf8 character corrupted by earlier merge
* Bug fixes
- PR1831: Drop version requirement for LCMS 2
- PR1832, RH1022017: Report elliptic curves supported by NSS,
not the SunEC library
- PR2033: patches/ecj/jaxws-getdtdtype.patch no longer applies
since removal of JAXWS drop
- PR2062: Unset OS before running OpenJDK build
- PR2070: Type-punning warnings still evident on RHEL 5
- PR2082: Cast should use same type as GCDrainStackTargetSize
(uintx).
- PR2096, RH1163501: 2048-bit DH upper bound too small for
Fedora infrastructure
- PR2125: Synchronise elliptic curves in sun.security.ec.NamedCurve
with those listed by NSS
- PR2179: Avoid x86 workaround when running Zero rather than a JIT
- PR2180: Old autotools dislike $(builddir)/fsg.sh
* CACAO
- PR2184: CACAO lacks JVM_FindClassFromCaller introduced by
security patch in 1.13.6
* JamVM
- PR2190: JamVM lacks JVM_FindClassFromCaller introduced by
security patch in 1.13.6
- Remove upstreamed patches:
* icedtea6-1.13.5-aarch64.patch
* icedtea6-1.13.5-bootstrap.patch
* icedtea6-1.13.5-s390.patch
Tue Nov 18 13:00:00 2014 fstrbaAATTsuse.com
- Do not package the timezone data, since we are using the one from
timezone-info package
- Clean-up some dependencies
- Use the jredir macro instead of %sdkdir/jre
Sun Nov 16 13:00:00 2014 fstrbaAATTsuse.com
- Build the javadoc package as noarch, since it installed in
architecture independent place
Fri Nov 14 13:00:00 2014 fstrbaAATTsuse.com
- Disable building of documentation for aarch64
* It takes more then 8 hours without output and OBS kills
the build as stuck
Tue Nov 11 13:00:00 2014 fstrbaAATTsuse.com
- Add one more cast for s390\'s MIN2 template.
Thu Nov 6 13:00:00 2014 fstrbaAATTsuse.com
- Don\'t build pulseaudio integration during bootstrap build.
Fri Oct 17 14:00:00 2014 fstrbaAATTsuse.com
- Remove java-access-bridge sources
* Split accessibility package and use java-atk-wrapper instead of
java-access-bridge (like the other java packages in this
repository
- Removed patches: java-1.6.0-openjdk-java-access-bridge-idlj.patch
and java-1.6.0-openjdk-java-access-bridge-tck.patch
* Unneeded, since they were patching the java-access-bridge
Thu Oct 16 14:00:00 2014 fstrbaAATTsuse.com
- Build in bootstrap mode with --enable-bootstrap-tools
Thu Oct 16 14:00:00 2014 fstrbaAATTsuse.com
- Add patch: missing-includes-ecj.patch
* fix implicit-fortify-decl for ecj boostrap build
Wed Oct 15 14:00:00 2014 fstrbaAATTsuse.com
- Update to 1.13.5
* Security fixes
- S8015256: Better class accessibility
- S8022783, CVE-2014-6504: Optimize C2 optimizations
- S8035162: Service printing service
- S8035781: Improve equality for annotations
- S8036805: Correct linker method lookup.
- S8036810: Correct linker field lookup
- S8037066, CVE-2014-6457: Secure transport layer
- S8037846, CVE-2014-6558: Ensure streaming of input cipher streams
- S8038899: Safer safepoints
- S8038903: More native monitor monitoring
- S8038908: Make Signature more robust
- S8038913: Bolster XML support
- S8039509, CVE-2014-6512: Wrap sockets more thoroughly
- S8039533, CVE-2014-6517: Higher resolution resolvers
- S8041540, CVE-2014-6511: Better use of pages in font processing
- S8041545: Better validation of generated rasters
- S8041564, CVE-2014-6506: Improved management of logger resources
- S8041717, CVE-2014-6519: Issue with class file parser
- S8042609, CVE-2014-6513: Limit splashiness of splash images
- S8042797, CVE-2014-6502: Avoid strawberries in LogRecord
- S8044274, CVE-2014-6531: Proper property processing
* Import of OpenJDK6 b33
- OJ37: OpenJDK6-b32 cannot be built on Windows
- OJ39: Handle fonts with the non-canonical processing flag set
- OJ41: OpenJDK6 should be compatible with Windows SDK 7.1
- OJ42: Remove AATTOverride annotation on interfaces added by 2014/10/14 security fixes.
- S6967684: httpserver using a non thread-safe SimpleDateFormat
- S7033534: Two tests fail just against jdk7 b136
- S7160837: DigestOutputStream does not turn off digest calculation when \"close()\" is called
- S7172149: ArrayIndexOutOfBoundsException from Signature.verify
- S8010213: Some api/javax_net/SocketFactory tests fail in 7u25 nightly build
- S8012637: Adjust CipherInputStream class to work in AEAD/GCM mode
- S8028192: Use of PKCS11-NSS provider in FIPS mode broken
- S8038000: java.awt.image.RasterFormatException: Incorrect scanline stride
- S8039396: NPE when writing a class descriptor object to a custom ObjectOutputStream
- S8042603: \'SafepointPollOffset\' was not declared in static member function \'static bool Arguments::check_vm_args_consistency()\'
- S8042850: Extra unused entries in ICU ScriptCodes enum
- S8052162: REGRESSION: sun/java2d/cmm/ColorConvertOp tests fail since 7u71 b01
- S8053963: (dc) Use DatagramChannel.receive() instead of read() in connect()
* Backports
- S4963723: Implement SHA-224
- S6578658: Request for raw RSA (NONEwithRSA) Signature support in SunMSCAPI
- S6753664: Support SHA256 (and higher) in SunMSCAPI
- S7033170: Cipher.getMaxAllowedKeyLength(String) throws NoSuchAlgorithmException
- S7044060: Need to support NSA Suite B Cryptography algorithms
- S7106773: 512 bits RSA key cannot work with SHA384 and SHA512
- S7180907: Jarsigner -verify fails if rsa file used sha-256 with authenticated attributes
- S8006935: Need to take care of long secret keys in HMAC/PRF compuation
- S8017173, PR1688: XMLCipher with RSA_OAEP Key Transport algorithm can\'t be instantiated
- S8049480: Current versions of Java can\'t verify jars signed and timestamped with Java 9
* Bug fixes
- PR1904: [REGRESSION] Bug reports now lack IcedTea version & distribution packaging information
- PR1967: Move to new OpenJDK bug URL format
- Do not use \"fedora\" suffix for the cleaned tarball, use \"cleaned\"
instead.
* rename the cleaner script accordingly
* use extreme compression in the cleaner script
- Added patch: icedtea6-1.13.5-bootstrap.patch
* fix bootstrap build
Mon Jul 28 14:00:00 2014 tchvatalAATTsuse.com
- Rename the fontconfig file to SUSE not SuSE. bnc#889006.
Fri Jul 25 14:00:00 2014 fstrbaAATTsuse.com
- Removed openjdk-6-src-b17-no-return-in-nonvoid-function-ppc.patch
- Added openjdk-6-src-b32-no-return-in-nonvoid-function-ppc.patch
* need to rediff
- Run spec-cleaner on the package and remove spec file parts that
are not relevant to SUSE distributions
Wed Jul 16 14:00:00 2014 fstrbaAATTsuse.com
- Update to 1.13.4
* Security fixes
- S8029755, CVE-2014-4209: Enhance subject class
- S8030763: Validate global memory allocation
- S8031346, CVE-2014-4244: Enhance RSA key handling
- S8031540: Introduce document horizon
- S8032536: JVM resolves wrong method in some unusual cases
- S8033055: Issues in 2d
- S8033301, CVE-2014-4266: Build more informative InfoBuilder
- S8034267: Probabilistic native crash
- S8034272: Do not cram data into CRAM arrays
- S8035004, CVE-2014-4252: Provider provides less service
- S8035009, CVE-2014-4218: Make Proxy representations consistent
- S8035119, CVE-2014-4219: Fix exceptions to bytecode verification
- S8035699, CVE-2014-4268: File choosers should be choosier
- S8036571: (process) Process process arguments carefully
- S8036800: Attribute OOM to correct part of code
- S8037046: Validate libraries to be loaded
- S8037157: Verify call
- S8037076, CVE-2014-2490: Check constant pool constants
- S8037162, CVE-2014-4263: More robust DH exchanges
- S8037167, CVE-2014-4216: Better method signature resolution
- S8039520, CVE-2014-4262: More atomicity of atomic updates
* Import of OpenJDK6 b32
- OP32: OpenJDK6-b31 isn\'t compatible with Windows platform
- OJ33: Update copyright headers introduced by the fix for OPENJDK6-32
- OJ34: OpenJDK6-b31 backport of JDK-6638712 to openjdk6
- OJ35: backport of JDK-6650759 to openjdk6
- OJ36: Fix a mistake in backport of 8035119
- S8013611: Modal dialog fails to obtain keyboard focus
- S8013836: getFirstDayOfWeek reports wrong day for pt-BR locale
- S8028111: XML readers share the same entity expansion counter
- S8028285: RMI Thread can no longer call out to AWT
- S8029038: Revise fix for XML readers share the same entity expansion counter
- S8042582: Test java/awt/KeyboardFocusmanager/ChangeKFMTest/ChangeKFMTest.html fails on Windows x64
- S8042590: Running form URL throws NPE
- S8042789: org.omg.CORBA.ORBSingletonClass loading no longer uses context class loader
* Backports
- S7027300, RH1098399: Unsynchronized HashMap access causes endless loop
- S7183251: Netbeans editor renders text wrong on JDK 7u6 build
Fri Jul 11 14:00:00 2014 fstrbaAATTsuse.com
- update to 1.13.3
* Many security fixes
- bootstrap build for suse_version >= 1310
Wed Nov 27 13:00:00 2013 mvyskocilAATTsuse.com
- update to 1.12.7 (bnc#852367)
* Security fixes
- S8006900, CVE-2013-3829: Add new date/time capability
- S8008589: Better MBean permission validation
- S8011071, CVE-2013-5780: Better crypto provider handling
- S8011081, CVE-2013-5772: Improve jhat
- S8011157, CVE-2013-5814: Improve CORBA portablility
- S8012071, CVE-2013-5790: Better Building of Beans
- S8012147: Improve tool support
- S8012277: CVE-2013-5849: Improve AWT DataFlavor
- S8012425, CVE-2013-5802: Transform TransformerFactory
- S8013503, CVE-2013-5851: Improve stream factories
- S8013506: Better Pack200 data handling
- S8013510, CVE-2013-5809: Augment image writing code
- S8013514: Improve stability of cmap class
- S8013739, CVE-2013-5817: Better LDAP resource management
- S8013744, CVE-2013-5783: Better tabling for AWT
- S8014085: Better serialization support in JMX classes
- S8014093, CVE-2013-5782: Improve parsing of images
- S8014102, CVE-2013-5778: Improve image conversion
- S8014341, CVE-2013-5803: Better service from Kerberos servers
- S8014349, CVE-2013-5840: (cl) Class.getDeclaredClass problematic in some class loader configurations
- S8014530, CVE-2013-5825: Better digital signature processing
- S8014534: Better profiling support
- S8014987, CVE-2013-5842: Augment serialization handling
- S8015614: Update build settings
- S8015731: Subject java.security.auth.subject to improvements
- S8015743, CVE-2013-5774: Address internet addresses
- S8016256: Make finalization final
- S8016653, CVE-2013-5804: javadoc should ignore ignoreable characters in names
- S8016675, CVE-2013-5797: Make Javadoc pages more robust
- S8017196, CVE-2013-5850: Ensure Proxies are handled appropriately
- S8017287, CVE-2013-5829: Better resource disposal
- S8017291, CVE-2013-5830: Cast Proxies Aside
- S8017298, CVE-2013-4002: Better XML support
- S8017300, CVE-2013-5784: Improve Interface Implementation
- S8017505, CVE-2013-5820: Better Client Service
- S8019292: Better Attribute Value Exceptions
- S8019617: Better view of objects
- S8020293: JVM crash
- S8021290, CVE-2013-5823: Better signature validation
- S8022940: Enhance CORBA translations
- S8023683: Enhance class file parsing
* Backports
- S4075303: Use javap to enquire about a specific inner class
- S4111861: static final field contents are not displayed
- S4348375: Javap is not internationalized
- S4459541: \"javap -l\" shows line numbers as signed short; they should be unsigned
- S4501660: change diagnostic of -help as \'print this help message and exit\'
- S4501661: disallow mixing -public, -private, and -protected options at the same time
- S4776241: unused source file in javap...
- S4870651: javap should recognize generics, varargs, enum
- S4876942: javap invoked without args does not print help screen
- S4880663: javap could output whitespace between class name and opening brace
- S4884240: additional option required for javap
- S4893408: JPEGReader throws IllegalArgException when setting the destination to BYTE_GRAY
- S4975569: javap doesn\'t print new flag bits
- S6271787: javap dumps LocalVariableTypeTable attribute in hex, needs to print a table
- S6305779: javap: support annotations
- S6439940: Clean up javap implementation
- S6469569: wrong check of searchpath in JavapEnvironment
- S6474890: javap does not open .zip files in -classpath
- S6563752: Build and test JDK7 with Sun Studio 12 Express compilers (prep makefiles)
- S6587786: Javap throws error : \"ERROR:Could not find \" for JRE classes
- S6622215: javap ignores certain relevant access flags
- S6622216: javap names some attributes incorrectly
- S6622232: javap gets whitespace confused
- S6622260: javap prints negative bytes incorrectly in hex
- S6631559: Registration of ImageIO plugins should not cause loading of jpeg.dlli and cmm.dll
- S6636331: ConcurrentModificationException in AppContext code
- S6636370: minor corrections and simplification of code in AppContext
- S6708729: update jdk Makefiles for new javap
- S6715767: javap on java.lang.ClassLoader crashes
- S6729772: 64-bit build with SS12 compiler: SIGSEGV (0xb) at pc=0x0000000000000048, pid=14826, tid=2
- S6791502: IIOException \"Invalid icc profile\" on jpeg after update from JDK5 to JDK6
- S6793818: JpegImageReader is too greedy creating color profiles
- S6799141: Build with --hash-style=both so that binaries can work on SuSE 10
- S6816311: Changes to allow builds with latest Windows SDK 6.1 on 64bit Windows 2003
- S6819246: improve support for decoding instructions in classfile library
- S6824493: experimental support for additional info for instructions
- S6840152: JVM crashes when heavyweight monitors are used
- S6841419: classfile: add constant pool iterator
- S6841420: classfile: add new methods to ConstantClassInfo
- S6843013: missing files in fix for 6824493
- S6852856: javap changes to facilitate subclassing javap for variants
- S6867671: javap whitespace formatting issues
- S6868539: javap should use current names for constant pool tags
- S6888215: memory leak in jpeg plugin
- S6902264: fix indentation of tableswitch and lookupswitch
- S6925851: Localize JRE into pt_BR
- S6954275: XML signatures with reference data larger 16KB and cacheRef on fails to validate
- S6974017: Upgrade required Solaris Studio compilers to 5.10 (12 update 1 + patches)
- S6980281: SWAT: SwingSet2 got core dumped in Solaris-AMD64 using b107 swat build
- S6989760: cmm native compiler warnings
- S6989774: imageio compiler warnings in native code
- S7000225: Sanity check on sane-alsa-headers is broken
- S7013519: [parfait] Integer overflows in 2D code
- S7018912: [parfait] potential buffer overruns in imageio jpeg
- S7022999: Can\'t build with FORCE_TIERED=0
- S7035073: Add missing timezones to TimeZoneNames_pt_BR.java
- S7038711: Fix CC_VER checks for compiler options, fix use of -Wno-clobber
- S7146431: java.security files out-of-sync
- S7196533: TimeZone.getDefault() slow due to synchronization bottleneck
- S8000450: Restrict access to com/sun/corba/se/impl package
- S8002070: Remove the stack search for a resource bundle for Logger to use
- S8003992: File and other classes in java.io do not handle embedded nulls properly
- S8004188: Rename src/share/lib/security/java.security to java.security-linux
- S8005194: [parfait] #353 sun/awt/image/jpeg/imageioJPEG.c Memory leak of pointer \'scale\' allocated with calloc()
- S8006882: Proxy generated classes in sun.proxy package breaks JMockit
- S8010118: Annotate jdk caller sensitive methods with AATTsun.reflect.CallerSensitive
- S8010727: WLS fails to add a logger with \"\" in its own LogManager subclass instance
- S8010939: Deadlock in LogManager
- S8011139: (reflect) Revise checking in getEnclosingClass
- S8011950: java.io.File.createTempFile enters infinite loop when passed invalid data
- S8011990: TEST_BUG: java/util/logging/bundlesearch/ResourceBundleSearchTest.java fails on Windows
- S8012243: about 30% regression on specjvm2008.serial on 7u25 comparing 7u21
- S8012453: (process) Runtime.exec(String) fails if command contains spaces [win]
- S8012617: ArrayIndexOutOfBoundsException with some fonts using LineBreakMeasurer
- S8013380: Removal of stack walk to find resource bundle breaks Glassfish startup
- S8013827: File.createTempFile hangs with temp file starting with \'com1.4\'
- S8014469: (tz) Support tzdata2013c
- S8014718: Netbeans IDE begins to throw a lot exceptions since 7u25 b10
- S8014745: Provide a switch to allow stack walk search of resource bundle
- S8015144: Performance regression in ICU OpenType Layout library
- S8015965: (process) Typo in name of property to allow ambiguous commands
- S8015978: Incorrect transformation of XPath expression \"string(-0)\"
- S8016357: Update hotspot diagnostic class
- S8017566: Backout 8000450 - Cannot access to com.sun.corba.se.impl.orb.ORBImpl
- S8019584: javax/management/remote/mandatory/loading/MissingClassTest.java failed in nightly against jdk7u45: java.io.InvalidObjectException: Invalid notification: null
- S8019969: nioNetworkChannelInet6/SetOptionGetOptionTestInet6 test case crashes
- S8019979: Replace CheckPackageAccess test with better one from closed repo
- S8020054: (tz) Support tzdata2013d
- S8020983, RH976897: OutOfMemoryError caused by non garbage collected JPEGImageWriter Instances
- S8021355: REGRESSION: Five closed/java/awt/SplashScreen tests fail since 7u45 b01 on Linux, Solaris
- S8021366: java_util/Properties/PropertiesWithOtherEncodings fails during 7u45 nightly testing
- S8021577: JCK test api/javax_management/jmx_serial/modelmbean/ModelMBeanNotificationInfo/serial/index.html#Input has failed since jdk 7u45 b01
- S8021933: Add extra check for fix # JDK-8014530
- S8021969: The index_AccessAllowed jnlp can not load successfully with exception thrown in the log.
- S8022661: InetAddress.writeObject() performs flush() on object output stream
- S8022682: Supporting XOM
- S8023964: java/io/IOException/LastErrorString.java should be AATTignore-d
- S8024914: Swapped usage of idx_t and bm_word_t types in bitMap.inline.hpp
- S8025128: File.createTempFile fails if prefix is absolute path
- S8025255: (tz) Support tzdata2013g
- OJ19: Fix test cases from 8010118 to work with OpenJDK 6
- OJ20: Resolve merge issues with JAXP security fixes
- OJ21: Remove AATTOverride annotation added on interface by 2013/10/15 security fixes
* Bug fixes
- PR1188: ASM Interpreter and Thumb2 JIT javac miscompile modulo reminder on armel.
- RH995488: Java thinks that the default timezone is Busingen instead of Zurich
- D729448: 32-bit alignment on mips and mipsel
* refreshed: java-1.6.0-openjdk-java-access-bridge-security.patch
Wed Aug 21 14:00:00 2013 mvyskocilAATTsuse.com
- remove jpackage-utils from Requires to BuildRequires
* they were obsoleted by javapackages-tools, which require python,
lua et all
Tue Jul 16 14:00:00 2013 mvyskocilAATTsuse.com
- update to 1.12.6 (bnc#829708)
* Security fixes
- S6741606, CVE-2013-2407: Integrate Apache Santuario
- S7158805, CVE-2013-2445: Better rewriting of nested subroutine calls
- S7170730, CVE-2013-2451: Improve Windows network stack support.
- S8000638, CVE-2013-2450: Improve deserialization
- S8000642, CVE-2013-2446: Better handling of objects for transportation
- S8001032: Restrict object access
- S8001033, CVE-2013-2452: Refactor network address handling in virtual machine identifiers
- S8001034, CVE-2013-1500: Memory management improvements
- S8001038, CVE-2013-2444: Resourcefully handle resources
- S8001043: Clarify definition restrictions
- S8001309: Better handling of annotation interfaces
- S8001318, CVE-2013-2447: Socket.getLocalAddress not consistent with InetAddress.getLocalHost
- S8001330, CVE-2013-2443: Improve on checking order
- S8003703, CVE-2013-2412: Update RMI connection dialog box
- S8004584: Augment applet contextualization
- S8005007: Better glyph processing
- S8006328, CVE-2013-2448: Improve robustness of sound classes
- S8006611: Improve scripting
- S8007467: Improve robustness of JMX internal APIs
- S8007471: Improve MBean notifications
- S8007812, CVE-2013-2455: (reflect) Class.getEnclosingMethod problematic for some classes
- S8008120, CVE-2013-2457: Improve JMX class checking
- S8008124, CVE-2013-2453: Better compliance testing
- S8008128: Better API coherence for JMX
- S8008132, CVE-2013-2456: Better serialization support
- S8008585: Better JMX data handling
- S8008593: Better URLClassLoader resource management
- S8008603: Improve provision of JMX providers
- S8008611: Better handling of annotations in JMX
- S8008615: Improve robustness of JMX internal APIs
- S8008623: Better handling of MBeanServers
- S8008744, CVE-2013-2407: Rework part of fix for JDK-6741606
- S8008982: Adjust JMX for underlying interface changes
- S8009004: Better implementation of RMI connections
- S8009013: Better handling of T2K glyphs
- S8009034: Improve resulting notifications in JMX
- S8009038: Improve JMX notification support
- S8009067: Improve storing keys in KeyStore
- S8009071, CVE-2013-2459: Improve shape handling
- S8009235: Improve handling of TSA data
- S8011243, CVE-2013-2470: Improve ImagingLib
- S8011248, CVE-2013-2471: Better Component Rasters
- S8011253, CVE-2013-2472: Better Short Component Rasters
- S8011257, CVE-2013-2473: Better Byte Component Rasters
- S8012375, CVE-2013-1571: Improve Javadoc framing
- S8012421: Better positioning of PairPositioning
- S8012438, CVE-2013-2463: Better image validation
- S8012597, CVE-2013-2465: Better image channel verification
- S8012601, CVE-2013-2469: Better validation of image layouts
- S8014281, CVE-2013-2461: Better checking of XML signature
- S8015997: Additional improvement in Javadoc framing
* Backports
- S6469266: Integrate Apache XMLSec 1.4.2 into JDK 7
- S6541350: TimeZone display names localization
- S6656651: Windows Look and Feel LCD glyph images have some differences from native applications.
- S6786028: Javadoc HTML WCAG 2.0 accessibility issues in standard doclet - Bold tags should be strong
- S6786682: Javadoc HTML WCAG 2.0 accessibility issues in standard doclet - HTML tag should have lang attribute
- S6786688: Javadoc HTML WCAG 2.0 accessibility issues in standard doclet - Table must have captions and headers
- S6786690: Javadoc HTML WCAG 2.0 accessibility issues in standard doclet - DL tag and nesting issue
- S6802694: Javadoc doclet does not display deprecated information with -nocomment option for serialized form
- S6821191: Timezone display name localization
- S6851834: Javadoc doclet needs a structured approach to generate the output HTML.
- S6888167: memory leaks in the medialib glue code
- S6961178: Allow doclet.xml to contain XML attributes
- S6977550: (tz) Support tzdata2010l
- S6996686: (tz) Support tzdata2010o
- S7006270: Several javadoc regression tests are failing on windows
- S7017800: (tz) Support tzdata2011b
- S7027387: (tz) Support tzdata2011d
- S7033174: (tz) Support tzdata2011e
- S7039469: (tz) Support tzdata2011g
- S7090843: (tz) Support tzdata2011j
- S7103108: (tz) Support tzdata2011l
- S7103405: Correct display names for Pacific/Apia timezone
- S7104126: Insert openjdk copyright header back into TZdata files
- S7158483: (tz) Support tzdata2012c
- S7171223: Building ExtensionSubtables.cpp should use -fno-strict-aliasing
- S7198570: (tz) Support tzdata2012f
- S7195301: XML Signature DOM implementation should not use instanceof to determine type of Node
- S8002225: (tz) Support tzdata2012i
- S8009165: Fix for 8006435 needs revision
- S8009217: REGRESSION: test com/sun/org/apache/xml/internal/security/transforms/ClassLoaderTest.java fails to compile since 7u21b03
- S8009530: ICU Kern table support broken
- S8009610: Blacklist certificate used with malware.
- S8009987: (tz) Support tzdata2013b
- S8009996: tests javax/management/mxbean/MiscTest.java and javax/management/mxbean/StandardMBeanOverrideTest.java fail
- S8010714: XML DSig API allows a RetrievalMethod to reference another RetrievalMethod
- S8010727: WLS fails to add a logger with \"\" in its own LogManager subclass instance
- S8010939: Deadlock in LogManager
- S8011154: java/awt/Frame/ShapeNotSetSometimes/ShapeNotSetSometimes.java failed since 7u25b03 on windows
- S8011557: Improve reflection utility classes
- S8011992: java/awt/image/mlib/MlibOpsTest.java failed since jdk7u25b05
- S8012112: java/awt/image/mlib/MlibOpsTest.java fails on sparc solaris
- S8012617: ArrayIndexOutOfBoundsException with some fonts using LineBreakMeasurer
- S8012933: Test closed/java/awt/Dialog/DialogAnotherThread/JaWSTest.java fails since jdk 7u25 b07
- S8013196: TimeZone.getDefault() throws NPE due to sun.awt.AppContext.getAppContext()
- S8014427: REGRESSION: closed/javax/imageio/plugins/bmp/Write3ByteBgrTest.java fails since 7u25 b09
- S8014718: Netbeans IDE begins to throw a lot exceptions since 7u25 b10
Thu Apr 25 14:00:00 2013 mvyskocilAATTsuse.com
- update to 1.12.5 (bnc#817157)
* Security fixes
- S6657673, CVE-2013-1518: Issues with JAXP
- S7200507: Refactor Introspector internals
- S8000724, CVE-2013-2417: Improve networking serialization
- S8001031, CVE-2013-2419: Better font processing
- S8001040, CVE-2013-1537: Rework RMI model
- S8001322: Refactor deserialization
- S8001329, CVE-2013-1557: Augment RMI logging
- S8003335: Better handling of Finalizer thread
- S8003445: Adjust JAX-WS to focus on API
- S8003543, CVE-2013-2415: Improve processing of MTOM attachments
- S8004261: Improve input validation
- S8004336, CVE-2013-2431: Better handling of method handle intrinsic frames
- S8004986, CVE-2013-2383: Better handling of glyph table
- S8004987, CVE-2013-2384: Improve font layout
- S8004994, CVE-2013-1569: Improve checking of glyph table
- S8005432: Update access to JAX-WS
- S8005943: (process) Improved Runtime.exec
- S8006309: More reliable control panel operation
- S8006435, CVE-2013-2424: Improvements in JMX
- S8006790: Improve checking for windows
- S8006795: Improve font warning messages
- S8007406: Improve accessibility of AccessBridge
- S8007617, CVE-2013-2420: Better validation of images
- S8007667, CVE-2013-2430: Better image reading
- S8007918, CVE-2013-2429: Better image writing
- S8009063, CVE-2013-2426: Improve reliability of ConcurrentHashMap
- S8009305, CVE-2013-0401: Improve AWT data transfer
- S8009699, CVE-2013-2421: Methodhandle lookup
- S8009814, CVE-2013-1488: Better driver management
- S8009857, CVE-2013-2422: Problem with plugin
- RH952389: Temporary files created with insecure permissions
* Backports
- S7197906: BlockOffsetArray::power_to_cards_back() needs to handle > 32 bit shifts
- S7036559: ConcurrentHashMap footprint and contention improvements
- S5102804: Memory leak in Introspector.getBeanInfo(Class) for custom BeanInfo: Class param (with WeakCache from S6397609)
- S6501644: sync LayoutEngine
*code
* structure to match ICU
- S6886358: layout code update
- S6963811: Deadlock-prone locking changes in Introspector
- S7017324: Kerning crash in JDK 7 since ICU layout update
- S7064279: Introspector.getBeanInfo() should release some resources in timely manner
- S8004302: javax/xml/soap/Test7013971.java fails since jdk6u39b01
- S7133220: Additional patches to JAXP 1.4.5 update 1 for 7u4 (partial for S6657673)
- S8009530: ICU Kern table support broken
* Bug fixes
- OJ3: Fix get_stack_bounds memory leak (alternate fix for S7197906)
- PR1362: Fedora 19 / rawhide FTBFS SIGILL
- PR1338: Remove dependence on libXp
- PR1339: Simplify the rhino class rewriter to avoid use of concurrency
- PR1336: Bootstrap failure on Fedora 17/18
- PR1319: Correct #ifdef to #if
- PR1402: Support glibc < 2.17 with AArch64 patch
- Give xalan/xerces access to their own internal packages.
* New features
- JAXP, JAXWS & JAF supplied as patches rather than drops to aid subsequent patching.
- PR1380: Add AArch64 support to Zero
Tue Mar 5 13:00:00 2013 mvyskocilAATTsuse.com
- update to 1.12.4 (bnc#807487)
- S8007014, CVE-2013-0809: Improve image handling
- S8007675, CVE-2013-1493: Improve color conversion
Wed Feb 20 13:00:00 2013 mvyskocilAATTsuse.com
- update to 1.12.3 (bnc#804654)
* Security fixes
- S8006446: Restrict MBeanServer access (CVE-2013-1486)
- S8006777: Improve TLS handling of invalid messages
Lucky 13 (CVE-2013-0169)
- S8007688: Blacklist known bad certificate (issued by DigiCert)
* Backports
- S8007393: Possible race condition after JDK-6664509
- S8007611: logging behavior in applet changed
* Bug fixes
- PR1319: Support GIF lib v5.
Tue Feb 12 13:00:00 2013 mvyskocilAATTsuse.com
- update to 1.12.2 (bnc#801972)
* Backports
- S8004341: Two JCK tests fails with 7u11 b06
- S8005615: Java Logger fails to load tomcat logger implementation (JULI)
* Bug fixes
- PR1297: cacao and jamvm parallel unpack failures
- PR1301: PR1171 causes builds of Zero to fail
- openjdk-7-src-b147-awt-crasher.patch (bnc#792951)
Tue Feb 5 13:00:00 2013 mvyskocilAATTsuse.com
- update to 1.12.1 (bnc#801972)
* Security fixes (on top of 1.12.0)
- S6563318, CVE-2013-0424: RMI data sanitization
- S6664509, CVE-2013-0425: Add logging context
- S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time
- S6776941: CVE-2013-0427: Improve thread pool shutdown
- S7141694, CVE-2013-0429: Improving CORBA internals
- S7173145: Improve in-memory representation of splashscreens
- S7186945: Unpack200 improvement
- S7186946: Refine unpacker resource usage
- S7186948: Improve Swing data validation
- S7186952, CVE-2013-0432: Improve clipboard access
- S7186954: Improve connection performance
- S7186957: Improve Pack200 data validation
- S7192392, CVE-2013-0443: Better validation of client keys
- S7192393, CVE-2013-0440: Better Checking of order of TLS Messages
- S7192977, CVE-2013-0442: Issue in toolkit thread
- S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective proxies
- S7200491: Tighten up JTable layout code
- S7200500: Launcher better input validation
- S7201064: Better dialogue checking
- S7201066, CVE-2013-0441: Change modifiers on unused fields
- S7201068, CVE-2013-0435: Better handling of UI elements
- S7201070: Serialization to conform to protocol
- S7201071, CVE-2013-0433: InetSocketAddress serialization issue
- S8000210: Improve JarFile code quality
- S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class
- S8000540, CVE-2013-1475: Improve IIOP type reuse management
- S8000631, CVE-2013-1476: Restrict access to class constructor
- S8001235, CVE-2013-0434: Improve JAXP HTTP handling
- S8001242: Improve RMI HTTP conformance
- S8001307: Modify ACC_SUPER behavior
- S8001972, CVE-2013-1478: Improve image processing
- S8002325, CVE-2013-1480: Improve management of images
Mon Feb 4 13:00:00 2013 mvyskocilAATTsuse.com
- update to 1.12.0
* Import of OpenJDK6 b27 (all changes already in security updates)
* Import of OpenJDK6 b26
- S7071826: Avoid benign race condition in initialization of UUID
- S7123896: Unexpected behavior due to Solaris using separate IPv4 and IPv6 port spaces
- S7142509: Cipher.doFinal(ByteBuffer,ByteBuffer) fails to process when in.remaining() == 0
- S7157903: JSSE client sockets are very slow
- S7174440: JDK6-open build breakage
- S7175845: JSSE client sockets are very slow
- S7176477: TEST: Remove testcase test/java/lang/SecurityManager/CheckPackageDefinition.java from jdk6-open
- S7184700: Backout changes with wrong id for 7157903
- S7199153: TEST_BUG: try-with-resources syntax pushed to 6-open repo
* Import of OpenJDK6 b25
- S6790292: BOOTDIR of jdk6 u12 will not work with jdk7 builds
- S6967036: Need to fix links with // in Javadoc comments
- S7007299: FileFontStrike appears not to be threadsafe
- S7022473: JDK7 still runs /etc/prtconf to find memory size
- S7058133: Javah should use the freshly built classes instead of those from the BOOTDIR jdk
- S7107919: Remove hotspot assertion due to Solaris 8 kstat \"unimplemented\".
- S7123519: problems with certification path
- S7126889: Incorrect SSLEngine debug output
- S7127104: Build issue with prtconf and zones, also using := to avoid extra execs
- S7128474: Update source copyright years
- S7128505: Building on em64t system does not work
- S7149751: another krb5 test in openjdk6 without test infrastructure
* Backports
- S6706974: Add krb5 test infrastructure
- S6764553: com.sun.org.apache.xml.internal.security.utils.IdResolver is not thread safe
- S6761072: new krb5 tests fail on multiple platforms
- S6883983: JarVerifier dependency on sun.security.pkcs should be removed
- S4465490: Suspicious about double-check locking idiom being used in the code
- S6763340: memory leak in com.sun.corba.se.
* classes
- S6873605: Missing finishedDispatch() call in ORBImpl causes test failures after 5u20 b04
- S6980681: CORBA deadlock in Java SE believed to be related to CR 6238477
- S7162902: Umbrella port of a number of corba bug fixes from JDK 6 to jdk7u/8
- S6414899: P11Digest should support cloning
- S4898461: Support for ECB and CBC/PKCS5Padding
- S6604496: Support for CKM_AES_CTR (counter mode)
- S6682411: JCK test failed w/ ArrayIndexOutOfBoundException (-1) when decrypting with no data
- S6682417: JCK test failed w/ ProviderException when decrypted data is not multiple of blocks
- S6687725: Internal PKCS5Padding impl should throw IllegalBlockSizeException and not BadPaddingException
- S6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
- S6867345: Turkish regional options cause NPE in sun.security.x509.AlgorithmId.algOID
- S6924489: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_OPERATION_NOT_INITIALIZED
- S7088989: Improve the performance for T4 by utilizing the newly provided crypto APIs
* Bug fixes
- PR902: PulseAudioClip getMicrosecondsLength() returns length in milliseconds, not microseconds
- PR1050: Stream objects not garbage collected
- PR1113: Add tapset tests to distribution.
- PR1117: IcedTea6 prebuilds far too many classes on bootstrap
- PR1121: Old installs still suffer from GCC PR41686
- PR1119: Only add classes to rt-source-files.txt if the class (or one or more of its methods/fields)
are actually missing from the boot JDK
- PR1114: Provide option to turn off downloading of tarballs (--disable-downloading)
- PR1176: Synchronise CACAO rules between IcedTea6/7/8 where possible
- RH513605: Updating/Installing OpenJDK should recreate the shared class-data archive
- G422525: Apply pax markings before using a freshly built JVM.
- PR986: IcedTea fails to build with IcedTea6 CACAO due to low max heap size
* CACAO
- PR1120: Unified version for icedtea6/7
- CA166, CA167: check-langtools fixes for icedtea6
- Implemented sun.misc.Perf.highResCounter
- CACAO now identifies by its own Mercurial revision
- Some memory barrier maintenance
- Ability to run when compiled as Thumb on armv5 (no Thumb JIT though)
- Stop creating pseudo files for OpenJDK (libjsig.so, Xusage.txt)
- Clang fix for the i386 backend
- CONTRIBUTE: Reference code submission process wiki instructions.
- INSTALL.CACAO: Update, so following the instruction actually works.
- Make doxygen work
- CA172, PR1266, G453612: ARM hardfloat support
- src/scripts/java.in: Look for cacao executable in install path, not in PATH.
- src/vm/jit/alpha/asmpart.S: Fix copyright header.
- src/vm/jit/alpha/asmpart.S: Properly set up GP in asm_abstractmethoderror
- Use AATTabs_top_builddirAATT for support scripts
* JamVM
- ARMv6 armhf: Changes for Raspbian (Raspberry Pi)
- PPC: Don\'t use lwsync if it isn\'t supported
- X86: Generate machine-dependent stubs for i386
- When suspending, ignore detached threads that have died, this prevents
a user caused deadlock when an external thread has been attached to the VM
via JNI and it has exited without detaching
- Add missing REF_TO_OBJs for references passed from JNI, this enable JamVM
to run Qt-Jambi
- PR1155: Do not put version number in libjvm.so SONAME
* SystemTap
- Addition of garbage collection probes
* drop bouncycastle patch and add a shell hackery in %install
Fri Oct 19 14:00:00 2012 mvyskocilAATTsuse.com
- update to 1.11.5 (bnc#785433)
* Security fixes
- S6631398, CVE-2012-3216: FilePermission improved path checking
- S7093490: adjust package access in rmiregistry
- S7143535, CVE-2012-5068: ScriptEngine corrected permissions
- S7167656, CVE-2012-5077: Multiple Seeders are being created
- S7169884, CVE-2012-5073: LogManager checks do not work correctly for sub-types
- S7169888, CVE-2012-5075: Narrowing resource definitions in JMX RMI connector
- S7172522, CVE-2012-5072: Improve DomainCombiner checking
- S7186286, CVE-2012-5081: TLS implementation to better adhere to RFC
- S7189103, CVE-2012-5069: Executors needs to maintain state
- S7189490: More improvements to DomainCombiner checking
- S7189567, CVE-2012-5085: java net obselete protocol
- S7192975, CVE-2012-5071: Conditional usage check is wrong
- S7195194, CVE-2012-5084: Better data validation for Swing
- S7195917, CVE-2012-5086: XMLDecoder parsing at close-time should be improved
- S7195919, CVE-2012-5079: (sl) ServiceLoader can throw CCE without needing to create instance
- S7198296, CVE-2012-5089: Refactor classloader usage
- S7158800: Improve storage of symbol tables
- S7158801: Improve VM CompileOnly option
- S7158804: Improve config file parsing
- S7176337: Additional changes needed for 7158801 fix
- S7198606, CVE-2012-4416: Improve VM optimization
* Backports
- S7175845: \"jar uf\" changes file permissions unexpectedly
- S7177216: native2ascii changes file permissions of input file
- S7199153: TEST_BUG: try-with-resources syntax pushed to 6-open repo
* Bug fixes
- PR1194: IcedTea tries to build with /usr/lib/jvm/java-openjdk (now a 1.7 VM) by default
Mon Sep 3 14:00:00 2012 mvyskocilAATTsuse.cz
- update to 1.11.4 (bnc#777499)
* Security fixes
- S7162476, CVE-2012-1682: XMLDecoder security issue via ClassFinder
- S7163201, CVE-2012-0547: Simplify toolkit internals references
* OpenJDK
- S7182135: Impossible to use some editors directly
- S7185678: java/awt/Menu/NullMenuLabelTest/NullMenuLabelTest.java failed with NPE
Mon Aug 20 14:00:00 2012 meissnerAATTsuse.com
- fixed gnome-java-bridge.jar file permissions. bnc#770040
Thu Jun 14 14:00:00 2012 dmuellerAATTsuse.com
- fix build for non-jit packages
Thu Jun 14 14:00:00 2012 mvyskocilAATTsuse.cz
- update to 1.11.3 (bnc#766802)
* Security fixes
- S7079902, CVE-2012-1711: Refine CORBA data models
- S7110720: Issue with vm config file loadingIssue with vm config file loading
- S7143606, CVE-2012-1717: File.createTempFile should be improved for temporary files created by the platform.
- S7143614, CVE-2012-1716: SynthLookAndFeel stability improvement
- S7143617, CVE-2012-1713: Improve fontmanager layout lookup operations
- S7143851, CVE-2012-1719: Improve IIOP stub and tie generation in RMIC
- S7143872, CVE-2012-1718: Improve certificate extension processing
- S7145239: Finetune package definition restriction
- S7152811, CVE-2012-1723: Issues in client compiler
- S7157609, CVE-2012-1724: Issues with loop
- S7160677: missing else in fix for 7152811
- S7160757, CVE-2012-1725: Problem with hotspot/runtime_classfile
* Bug fixes
- PR1018: JVM fails due to SEGV during rendering some Unicode characters (part of 6886358)
Tue Jun 12 14:00:00 2012 cfarrellAATTsuse.com
- license update: GPL-2.0-with-classpath-exception
Use a license from http://www.spdx.org/licenses (or from the spreadsheet
linked at license.opensuse.org if spdx.org does not have a suitable
entry)
Mon May 14 14:00:00 2012 mvyskocilAATTsuse.cz
- update to 1.11.2
* Bug fixes
- RH789154: javac error messages no longer contain the full path to the offending file:
- PR797: Compiler error message does not display entire file name and path
- PR881: Sign tests (wsse.policy.basic) failures with OpenJDK6
- PR886: 6-1.11.1 fails to build CACAO on ppc
- Specify both source and target in IT_GET_DTDTYPE_CHECK.
- Install nss.cfg into j2re-image too.
- PR584: Don\'t use shared Eden in incremental mode.
* Backports
- S6792400: Avoid loading of Normalizer resources for simple uses
- fix fileconflict with java-1_7_0-openjdk
- add openjdk-6-src-b24-zero-increase-stack-size.patch by Dinar Valeev
Wed Apr 4 14:00:00 2012 reddwarfAATTopensuse.org
- Add xorg-x11 BuildRequires to have xprop
Mon Feb 27 13:00:00 2012 dmuellerAATTsuse.de
- fix build on ARM
Thu Feb 16 13:00:00 2012 mvyskocilAATTsuse.cz
- update to 1.11.1 (bnc#747208)
* Security fixes
- S7082299, CVE-2011-3571: Fix in AtomicReferenceArray
- S7088367, CVE-2011-3563: Fix issues in java sound
- S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method
- S7110687, CVE-2012-0503: Issues with TimeZone class
- S7110700, CVE-2012-0505: Enhance exception throwing mechanism in ObjectStreamClass
- S7110704, CVE-2012-0506: Issues with some method in corba
- S7112642, CVE-2012-0497: Incorrect checking for graphics rendering object
- S7118283, CVE-2012-0501: Better input parameter checking in zip file processing
- S7126960, CVE-2011-5035: (httpserver) Add property to limit number of request headers to the HTTP Server
* Bug fixes
- PR865: Patching fails with patches/ecj/jaxws-getdtdtype.patch
Fri Feb 3 13:00:00 2012 roAATTsuse.de
- apply ppc patch also on s390/s390x
- add a 3 more void-return fixes to ppc patch
Fri Feb 3 13:00:00 2012 mvyskocilAATTsuse.cz
- update to icedtea6-1.11, openjdk b24
- ARM assembly language port reinstated and updated
- Allow selection of test suites using the jtreg_checks argument e.g. jtreg_checks=\"langtools\"
- Drop the outdated NIO2 backport. Users who want NIO2 should use IcedTea 2.x.
- Shark has been disabled
- Fixed build with GCC 4.7
Tue Jan 17 13:00:00 2012 mvyskocilAATTsuse.cz
- update to 1.10.5 (bugfix release)
* Backports
- S7034464: Support transparent large pages on Linux
- S7037939: NUMA: Disable adaptive resizing if SHM large pages are used
- S7102369: remove java.rmi.server.codebase property parsing from registyimpl
- S7094468: rmiregistry clean up
- S7103725, RH767129: REGRESSION - 6u29 breaks ssl connectivity using TLS_DH_anon_WITH_AES_128_CBC_SHA
- S6851973, PR830: ignore incoming channel binding if acceptor does not set one
- S7091528: javadoc attempts to parse .class files
Sat Dec 10 13:00:00 2011 meissnerAATTsuse.de
- adjusted patch110 to fix ppc build.
Fri Dec 9 13:00:00 2011 mvyskocilAATTsuse.cz
- there is no architecture called arm, so use macro instead
Thu Dec 8 13:00:00 2011 mvyskocilAATTsuse.cz
- fix a stuff needed for gjc-based build
* change compiler flags in configure to gjc compatible
* added no-werror patch for openjdk-ecj
* avoid all aditional checking packages in this mode
* temporary remove memory size increase
* exclude patch110 in this case - TBD later
- definitelly drop noarch feature as it never worked well
- add arm to 32bit architectures
- remove rhino as a runtime dependency, as it\'s repackaged and
installed in the jvm\'s tree
- enable build --with-parallel-jobs
Wed Nov 30 13:00:00 2011 cooloAATTsuse.com
- add automake as buildrequire to avoid implicit dependency
Fri Oct 21 14:00:00 2011 mvyskocilAATTsuse.cz
- update to 1.10.4 (bnc#725167)
- Security fixes
* S7000600, CVE-2011-3547: InputStream skip() information leak
* S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor
* S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow
* S7032417, CVE-2011-3552: excessive default UDP socket limit under SecurityManager
* S7046794, CVE-2011-3553: JAX-WS stack-traces information leak
* S7046823, CVE-2011-3544: missing SecurityManager checks in scripting engine
* S7055902, CVE-2011-3521: IIOP deserialization code execution
* S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress error checks
* S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
* S7070134, CVE-2011-3558: HotSpot crashes with sigsegv from PorterStemmer
* S7077466, CVE-2011-3556: RMI DGC server remote code execution
* S7083012, CVE-2011-3557: RMI registry privileged code execution
* S7096936, CVE-2011-3560: missing checkSetFactory calls in HttpsURLConnection
- Bug fixes
- RH727195: Japanese font mappings are broken
- Backports
- S6826104, RH730015: Getting a NullPointer exception when clicked on Application & Toolkit Modal dialog
Thu Aug 4 14:00:00 2011 mvyskocilAATTsuse.cz
- update to 1.10.3
- Bug fixes
* PR748: Icedtea6 fails to build with Linux 3.0.
* PR744: icedtea6-1.10.2 : patching error
- Backports:
* S7037283, RH712211: Null Pointer Exception in SwingUtilities2.
* S6769607, PR677: Modal frame hangs for a while.
* S6578583: Modality is broken in windows vista home premium from jdk1.7 b02 onwards.
* S6610244: modal dialog closes with fatal error if -Xcheck:jni is set
- don\'t touch java and javac alternatives anymore
Tue Jun 14 14:00:00 2011 mvyskocilAATTsuse.cz
- fix build on 11.1/i586 distros
* add icedtea6-replace-gcc-stack-marking.patch
Wed Jun 8 14:00:00 2011 mvyskocilAATTsuse.cz
- fix bnc#698739: icedtea6-1.10.2 released
- Security fixes
* S6213702, CVE-2011-0872: (so) non-blocking sockets with TCP urgent disabled get still selected for read ops (win)
* S6618658, CVE-2011-0865: Vulnerability in deserialization
* S7012520, CVE-2011-0815: Heap overflow vulnerability in FileDialog.show()
* S7013519, CVE-2011-0822, CVE-2011-0862: Integer overflows in 2D code
* S7013969, CVE-2011-0867: NetworkInterface.toString can reveal bindings
* S7013971, CVE-2011-0869: Vulnerability in SAAJ
* S7016340, CVE-2011-0870: Vulnerability in SAAJ
* S7016495, CVE-2011-0868: Crash in Java 2D transforming an image with scale close to zero
* S7020198, CVE-2011-0871: ImageIcon creates Component with null acc
* S7020373, CVE-2011-0864: JSR rewriting can overflow memory address size variables
- Backports
* S7043054: REGRESSION - wrong userBounds in Paint.createContext()
* S7043963, RH698295: Window manager workaround in AWT was not applied to mutter. Now it is.
- add commented bouncycastle provider into java.security allowing easy enable it from rpm
requested by rgarrigue
Thu Jun 2 14:00:00 2011 mvyskocilAATTsuse.cz
- fix bnc#695858 - call update-ca-certificates in posttrans
Thu Apr 14 14:00:00 2011 mvyskocilAATTsuse.cz
- Fix the keystore handling
* remove the default (32 bytes long) keystore, if installed
* install symlinks in %posttrans, because older file not dissapear in post
Tue Apr 5 14:00:00 2011 mvyskocilAATTsuse.cz
- Update to icedtea6-1.10.1, openjdk b22, hotdpot 20b11
see following links for more details
http://blog.fuseyism.com/index.php/2011/04/04/icedtea6-1101-released/
http://blog.fuseyism.com/index.php/2011/03/02/icedtea6-110-released/
- Backports:
* S7023591, S7027667: Clipped antialiased rectangles are filled, not drawn.
Add missing privileged block around access to the sun.awt.nativedebug
property.
* S7032388, PR682: Make HotSpot work on machines without cmov instruction again
* S7031385, PR680: Incorrect register allocation in orderAccess_linux_x86.inline.hpp
Bug fixes:
* G356743: Support libpng 1.5.
* RH661505: JPEGs with sRGB IEC61966-2.1 color profiles have wrong colors
* PR600: HS19 upgrade broke CACAO build on ARM
* PR616, PR99: Don’t statically link libstdc++ or libgcc
* PR632: patches/security/20110215/6878713.patch breaks shark zero build
* PR103: Usage of native2ascii during bootstrap
* PR633: IcedTea installs javaws manpages on x86 even with –disable-webstart
* PR635: zero fails to build on icedtea6 trunk 20110217 with hs20
* PR586: Sources missing from src.zip
* PR639: Add missing include line, paths and LLVM flags for Shark.
* PR640: JamVM fails to build - Unrecognised option: -XX:ThreadStackSize.
* PR641: Increase stack size for PPC
* PR497: Mercurial revision detection not very reliable
* PR585: Freenet throws java.lang.UnsatisfiedLinkError with OpenJDK/CACAO
- remove webstart and plugin, as they are now in separate icedtwa-web project
- fix bnc#596177 - generate java cacerts at runtime (enabled for openSUSE 11.3+)
Tue Mar 15 13:00:00 2011 mvyskocilAATTsuse.cz
- remove policytool from javac alternative
Thu Feb 24 13:00:00 2011 mvyskocilAATTsuse.cz
- fix bnc#671714 - VUL-0: java-1_6_0-openjdk: permissions assigned to applets
with multiple JARs (icedtea6-1.9.7)
- Security updates
* S6878713, CVE-2010-4469: Hotspot backward jsr heap corruption
* S6907662, CVE-2010-4465: Swing timer-based security manager bypass
* S6994263, CVE-2010-4472: Untrusted code allowed to replace DSIG/C14N implementation
* S6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets
* S6983554, CVE-2010-4450: Launcher incorrect processing of empty library path entries
* S6985453, CVE-2010-4471: Java2D font-related system property leak
* S6927050, CVE-2010-4470: JAXP untrusted component state manipulation
* RH677332, CVE-2011-0706: Multiple signers privilege escalation
- Bug fixes
* RH676659: Pass -export-dynamic flag to linker using -Wl, as option in gcc 4.6+ is broken
* G344659: Fix issue when building on SPARC
* Fix latent JAXP bug caused by missing import
- fix bnc#670304 - VUL-1: java-1_6_0-openjdk: denial of service using floats
(icedtea6-1.9.6)
- Security updates
* S4421494, CVE-2010-4476: infinite loop while parsing double literal
- patches changes:
* obsoletes stack-protector patches (already upstreamed)
* modified openjdk-6-src-b20-initialized-after.patch
* modified openjdk-6-src-b20-no-werror.patch
* openjdk-ecj-6-src-b20-no-return-in-nonvoid-function.patch
* add openjdk-6-src-b20-stringcompare.patch
* add openjdk-ecj-6-src-b20-no-return-in-nonvoid-function.patch
* add openjdk-6-src-b20-gcj-workaround.patch (11.2/x86_64 workaround)
Tue Feb 1 13:00:00 2011 mvyskocilAATTsuse.cz
- fix bnc#667313 - VUL-0: embargoed java icedtea issues
- Security updates
* RH672262, CVE-2011-0025: IcedTea jarfile signature verification bypass
- Backports
* S6687968: PNGImageReader leaks native memory through an Inflater
* S6541476, RH665355: PNG imageio plugin incorrectly handles iTXt chunk
* S6782079: PNG: reading metadata may cause OOM on truncated images
- Fixes
* PR619: Improper finalization by the plugin can crash the browser
Mon Jan 31 13:00:00 2011 mvyskocilAATTsuse.cz
- fix bmo#582130 - symbol clash between moonlight and icedtea plugin
* icedtea6-1.9.4-moonlight-symbol-clash.patch
- mark cursor.properties a config
Mon Jan 17 13:00:00 2011 mvyskocilAATTsuse.cz
- fix bnc#664298 - VUL-0: java-1_6_0-openjdk: JNLPSecurityManager in some cases silently returns when a permission is denied
- Security updates:
* RH663680, CVE-2010-4351: IcedTea JNLP SecurityManager bypass
- Backports
* S4356282: RFE: JDK should support OpenType/CFF fonts
* S6954424, RH525870: Support OpenType/CFF fonts in JDK 7
* S6795356, PR590: Leak caused by javax.swing.UIDefaults.ProxyLazyValue.acc
* S6967436, RH597227: lines longer than 2^15 can fill window.
* S6967433: dashed lines broken when using scaling transforms.
* S6976265: No STROKE_CONTROL
* S6967434, PR450, RH530642: Round joins/caps of scaled up lines have poor quality.
* S6438179, RH569121: XToolkit.isTraySupported() result has nothing to do with the system tray
- Fixes
- S7003777, RH647674: JTextPane produces incorrect content after parsing the html text
- fix bnc#635365 - icedtea update broke java from firefox - bogus java path
* icedtea6-1.9.4-realpath.patch use realpath to resolve the double symlinks
Tue Jan 11 13:00:00 2011 mvyskocilAATTsuse.cz
- Update to icedtea6-1.9.3
* Re-enable compressed oops by default now 7002666 is fixed.
* bakckport S7002666: Eclipse CDT projects crash with compressed oops
* fix reapply ia64 fix from S6896043 which was reverted by S6953477
- fix bnc#635365 - icedtea update broke java from firefox - bogus java path
* wrote a proposal readlink-recursive.patch
* sent upstream - http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=613
Wed Dec 1 13:00:00 2010 mvyskocilAATTsuse.cz
- update to icedtea6-1.9.2 (bnc#656742)
- Latest security updates and hardening patches:
* RH645843, CVE-2010-3860: IcedTea System property information leak via public static
- Upgrade to latest revision of hs19 (b09).
- Allow the building of NetX to be disabled.
- Backports
* S6622432: RFE: Performance improvements to java.math.BigDecimal
* S6850606: Regression from JDK 1.6.0_12
* S6876282: BigDecimal’s divide(BigDecimal bd, RoundingFormat r) produces incorrect result
* S6991430, PR579: Zero PowerPC fix.
* S6703377: freetype: glyph vector outline is not translated correctly
* S6853592: VM test nsk.regression.b4261880 fails with “X Error of failed request: BadWindow” inconsistently.
- Bug fixes
* RH647737: Disable compressed oops in hs19 to avoid Eclipse failures.
* RH643674: Update fontconfig files for Fedora 11, 12, 13 and 14.
- NetX
* Do not prompt user multiple times for the same certificate.
* PR592: NetX can create invalid desktop entry files
Fri Oct 22 14:00:00 2010 mvyskocilAATTsuse.cz
- update to icedtea6-1.9.1 (bnc#642531)
- update to openjdk-6-b20
* fixes listed on http://blog.fuseyism.com/index.php/2010/09/10/icedtea6-19-released/
- Latest security updates and hardening patches:
* S6914943, CVE-2009-3555: TLS: MITM attacks via session renegotiation
* S6559775, CVE-2010-3568: OpenJDK Deserialization Race condition
* S6891766, CVE-2010-3554: OpenJDK corba reflection vulnerabilities
* S6925710, CVE-2010-3562: OpenJDK IndexColorModel double-free
* S6938813, CVE-2010-3557: OpenJDK Swing mutable static
* S6957564, CVE-2010-3548: OpenJDK DNS server IP address information leak
* S6958060, CVE-2010-3564: OpenJDK kerberos vulnerability
* S6963023, CVE-2010-3565: OpenJDK JPEG writeImage remote code execution
* S6963489, CVE-2010-3566: OpenJDK ICC Profile remote code execution
* S6966692, CVE-2010-3569: OpenJDK Serialization inconsistencies
* S6622002, CVE-2010-3553: UIDefault.ProxyLazyValue has unsafe reflection usage
* S6925672, CVE-2010-3561: Privileged ServerSocket.accept allows receiving connections from any host
* S6952017, CVE-2010-3549: HttpURLConnection chunked encoding issue (Http request splitting)
* S6952603, CVE-2010-3551: NetworkInterface reveals local network address to untrusted code
* S6961084, CVE-2010-3541: limit setting of some request headers in HttpURLConnection
* S6963285, CVE-2010-3567: Crash in ICU Opentype layout engine due to mismatch in character counts
* S6980004, CVE-2010-3573: limit HTTP request cookie headers in HttpURLConnection
* S6981426, CVE-2010-3574: limit use of TRACE method in HttpURLConnection
* (See: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html)
- IcedTeaPlugin:
* PR519: 100% CPU usage when displaying applets in Webkit based browsers
* Classes are no longer added to rt.jar, but to plugin.jar
- NetX:
* New man page for javaws
* Classes are no longer added to rt.jar, but to netx.jar
- bug fixes and backports
* S6990437: Update with correct copyright info for source and test files from SSR10_02 fixes
* S6638712: Inference with wildcard types causes selection of inapplicable method
* S6650759: Inference of formal type parameter (unused in formal parameters) is not performed
* S6623943: javax.swing.TimerQueue’s thread occasionally fails to start
* RH633510: OpenJDK should use NUMA even if glibc doesn’t provide it
- misc:
* VisualVM support removed; now available in its own package at http://icedtea.classpath.org/hg/visualvm
* A separate build directory is now used for the OpenJDK build: openjdk.build-ecj (stage 1) and openjdk.build (stage 2)
- fix bnc#637224 - delta RPM for java-1_6_0-openjdk patch does not match installed data
* mark fontconfig and much more files as config noreplace
- fix bnc#648260 - update-alternatives: error: alternative pack200 can\'t be slave of java: it is a slave of javac
* move
*pack200
* from JRE to SDK
* add workaround into post removing the
*pack
* slaves from java alternative
- few more filters of rpmlint warnings
- Patches changes:
* openjdk-6-src-b16-lcms.patch - already included in b20
* openjdk-6-src-b17-enumeration-value.patch - already included in b20
* openjdk-6-src-b17-no-multiline-comments.patch - refresh for b20
* openjdk-6-src-b17-suggest-parentheses.patch - refresh for b20
* openjdk-6-src-b17-initialized-after.patch - refresh for b20
* openjdk-6-src-b20-defined-but-not-used.patch - new warn fix
* openjdk-6-src-b20-may-be-used-uninitialized.patch - new fix 2
* openjdk-6-src-b20-array-subscript-has-type-char.patch - new fix 3
* openjdk-6-src-b20-no-werror.patch - remove -Werror from more locations than before
* use quilt for applying of SUSE patches -> 2 new BR quilt and vim
Wed Jul 28 14:00:00 2010 mvyskocilAATTsuse.cz
- update to icedtea6-1.8.1 (bnc#623905)
- update to openjdk-6-b18
- Latest security updates and hardening patches:
* (CVE-2010-0837): JAR \"unpack200\" must verify input parameters (6902299)
* (CVE-2010-0845): No ClassCastException for HashAttributeSet constructors if run with -Xcomp (6894807)
* (CVE-2010-0838): CMM readMabCurveData Buffer Overflow Vulnerability (6899653)
* (CVE-2010-0082): Loader-constraint table allows arrays instead of only the base-classes (6626217)
* (CVE-2010-0095): Subclasses of InetAddress may incorrectly interpret network addresses (6893954)
* (CVE-2010-0085): File TOCTOU deserialization vulnerability (6736390)
* (CVE-2010-0091): Unsigned applet can retrieve the dragged information before drop action occurs (6887703)
* (CVE-2010-0088): Inflater/Deflater clone issues (6745393)
* (CVE-2010-0084): Policy/PolicyFile leak dynamic ProtectionDomains. (6633872)
* (CVE-2010-0092): AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (6888149)
* (CVE-2010-0094): Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947)
* (CVE-2010-0093): System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (6892265)
* (CVE-2010-0840): Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)
* (CVE-2010-0848): AWT Library Invalid Index Vulnerability (6914823)
* (CVE-2010-0847): ImagingLib arbitrary code execution vulnerability (6914866)
* (CVE-2009-3555): TLS: MITM attacks via session renegotiation
- IcedTeaNPPlugin.
* RH524387: javax.net.ssl.SSLKeyException: RSA premaster secret error
* Set context classloader for all threads in an applet\'s threadgroup
* PR436: Close all applet threads on exit
* PR480: NPPlugin with NoScript extension.
* PR488: Question mark changing into underscore in URL.
* RH592553: Fix bug causing 100% CPU usage.
* Don\'t generate a random pointer from a pthread_t in the debug output.
* Add ForbiddenTargetException for legacy support.
* Use variadic macro for plugin debug message printing.
* Don\'t link the plugin with libxul libraries.
* Fix race conditions in plugin initialization code that were causing hangs.
* RH506730: BankID (Norwegian common online banking authentication system) applet fails to load.
* Fix policy evaluation to match the proprietary JDK.
* PR491: pass java_{code,codebase,archive} parameters to Java.
* Adds javawebstart.version property and give user permission to read that property.
* Old plugin removed; NPPlugin is now the default and is controlled by
- -enable/disable-plugin. As with the old plugin, it produces a
IcedTeaPlugin.so library rather than IcedTeaNPPlugin.so.
* Dependence on the binary plugs mechanism removed. The plugin and NetX
code is now imported into the JDK build in the same manner as langtools,
CORBA, JAXP and JAXWS.
* Fix for plugin buffer overflow: https://bugzilla.mozilla.org/show_bug.cgi?id=555342
- NetX:
* Fix security flaw in NetX that allows arbitrary unsigned apps to set
any java property.
* Fix a flaw that allows unsigned code to access any file on the
machine (accessible to the user) and write to it.
* Make path sanitization consistent; use a blacklisting approach.
* Make the SingleInstanceServer thread a daemon thread.
* Handle JNLP files which use native libraries but do not indicate it
* Allow JNLP classloaders to share native libraries
* Added encoding support
- bug fixes
* Nimbus Look \'n\' Feel backported from OpenJDK7.
* JAXP and JAXWS now external dependencies rather than being in-tree.
* 6639665: ThreadGroup finalizer allows creation of false root ThreadGroups
* 6898622: ObjectIdentifer.equals is not capable of detecting incorrectly encoded CommonName OIDs
* 6910590: Application can modify command array in ProcessBuilder
* 6909597: JPEGImageReader stepX Integer Overflow Vulnerability
* 6932480: Crash in CompilerThread/Parser. Unloaded array klass?
* 6678385: Fixes jvm crashes when window is resized.
* Produces the \"expected\" behavior for full screen applications, when
running the Metacity window manager.
* Fix issue with ant -diagnostics on ant 1.8.0 due to changed exit code
* Zero/Shark
* Shark is now able to build itself.
* For ARM, add Thumb2 JIT.
* Fixed Shark sharkCompiler mattr memory corruption bug when using llvm 2.7.
* others
http://blogs.sun.com/darcy/resource/OpenJDK_6/openjdk6-b18-changes-summary.html
* Eliminate spurious exception throwing when using PulseAudio
* PR shark/483: Fix miscompilation of sun.misc.Unsafe::getByte.
* PR PR icedtea/324, icedtea/481: Fix Shark VM crash.
* Fix Zero build on Hitachi SH.
* PR476: Enable building SystemTap support on GCC 4.5.
- disabled systemtap support on openSUSE 11.2, as it requires more recent version
- require xulrunner191 on 11.1 too
Thu May 20 14:00:00 2010 mvyskocilAATTsuse.cz
- Change the policytool.desktop category to Utilities
Wed May 19 14:00:00 2010 roAATTsuse.de
- set locale to utf-8 variant to fix build
(broke when going over certificates with utf-8 filenames)
Thu May 13 14:00:00 2010 mvyskocilAATTsuse.cz
- fix bnc#603316: openjdk run out of file descriptors
* add openjdk-6-src-b17-stack-protector-fclose.patch
add the missing fclose to the stack-protector patch
Wed Apr 28 14:00:00 2010 mvyskocilAATTsuse.cz
- fixes ppc build
* enable nio2 only for ix86 and x86_64
* refresh openjdk-6-src-b17-no-return-in-nonvoid-function-ppc.patch
- ignore old libopenssl on 11.3+
- use patch -i, instead of shell redirection
Mon Apr 12 14:00:00 2010 mvyskocilAATTsuse.cz
- update to icedtea6-1.7.3 (bnc#594415)
- security and hardending
* (CVE-2010-0837): JAR “unpack200″ must verify input parameters (6902299)
* (CVE-2010-0845): No ClassCastException for HashAttributeSet constructors if run with -Xcomp (6894807
* (CVE-2010-0838): CMM readMabCurveData Buffer Overflow Vulnerability (6899653)
* (CVE-2010-0082): Loader-constraint table allows arrays instead of only the base-classes (6626217)
* (CVE-2010-0095): Subclasses of InetAddress may incorrectly interpret network addresses (6893954)
* (CVE-2010-0085): File TOCTOU deserialization vulnerability (6736390)
* (CVE-2010-0091): Unsigned applet can retrieve the dragged information before drop action occurs (6887703)
* (CVE-2010-0088): Inflater/Deflater clone issues (6745393)
* (CVE-2010-0084): Policy/PolicyFile leak dynamic ProtectionDomains. (6633872)
* (CVE-2010-0092): AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (6888149)
* (CVE-2010-0094): Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947)
* (CVE-2010-0093): System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (6892265)
* (CVE-2010-0840): Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)
* (CVE-2010-0848): AWT Library Invalid Index Vulnerability (6914823)
* (CVE-2010-0847): ImagingLib arbitrary code execution vulnerability (6914866)
* (CVE-2009-3555): TLS: MITM attacks via session renegotiation
* 6639665: ThreadGroup finalizer allows creation of false root ThreadGroups
* 6898622: ObjectIdentifer.equals is not capable of detecting incorrectly encoded CommonName OIDs
* 6910590: Application can modify command array in ProcessBuilder
* 6909597: JPEGImageReader stepX Integer Overflow Vulnerability
* 6932480: Crash in CompilerThread/Parser. Unloaded array klass?
- Bug fixes:
* Backport of 6822370: ReentrantReadWriteLock: threads hung when there are no threads holding onto the lock
* Increase ThreadStackSize by 512kb on 32-bit Zero platforms
* Check cacerts database is valid
* Fix for plugin buffer overflow: Mozilla bug 555342
* Fix issue with ant -diagnostics on ant 1.8.0 due to changed exit code
Thu Mar 18 13:00:00 2010 mvyskocilAATTsuse.cz
- fix bnc#589021 - Better protect java stack
* openjdk-6-src-b17-stack-protector.patch
Thu Mar 4 13:00:00 2010 mvyskocilAATTsuse.cz
- Updates:
* icedtea6-1.7
* openjdk6 b17 14_oct_2009
- Enabled NPPlugin - fix [bnc#582206]
- patches changes:
* obsolete java-1.6.0-openjdk-sparc-fixes.patch
* obsolete java-1.6.0-openjdk-sparc-hotspot.patch
* obsolete icedtea6-1.6-npplugin-xulrunner191.patch
* obsolete icedtea6-1.6-no-return-in-nonvoid-function.patch
* obsolete icedtea6-ecc-support-b387a64caa08.patch
* add a lot of patches fixes a build of openjdk6 with gcc4.5 using
- Werror -Wall
openjdk-6-src-b17-no-multiline-comments.patch
openjdk-6-src-b17-enumeration-value.patch
openjdk-6-src-b17-suggest-parentheses.patch
openjdk-6-src-b17-no-efect.patch
openjdk-6-src-b17-initialized-after.patch
openjdk-6-src-b17-unused-variable.patch
* openjdk-6-src-b17-no-werror.patch (suppress the errors in autogenerated
code)
* icedtea6-1.7-no-return-in-non-void.patch
- move the noarch content to %%{_datadir}/ and create symlinks in usual
locations
- move demo/jvmti to the -devel package as it contains so files
- enable the --short-circuit in %%install section
- new alternatives - policytool and policytool.1.gz
Tue Feb 9 13:00:00 2010 prusnakAATTsuse.cz
- enable noarch subpackages
Mon Nov 23 13:00:00 2009 mvyskocilAATTsuse.cz
- Removed openjdk-6-src-b14-confluence-crash.patch from source dir
Tue Nov 10 13:00:00 2009 mvyskocilAATTsuse.cz
- Fixed bnc#554069 - VUL-0: Icedtea6 1.6.2 released
* a lot of security patches in icedtea6-1.6.2
* Improved jar performance,
http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/b35f1e5075a4
- Obsoleted java-1.6.0-openjdk-makefile.patch
Wed Oct 14 14:00:00 2009 mvyskocilAATTsuse.cz
- Fixed bnc#546468: openjdk fails on certificate creation
applied upstream patch icedtea6-ecc-support-b387a64caa08.patch
http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=356
- Moved back from npplugin, as its not mature
http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=385#c5
Thu Oct 8 14:00:00 2009 mvyskocilAATTsuse.cz
- Use 1.6.0 instead of javamajver macro to supress percent in provides error.
Tue Sep 29 14:00:00 2009 mvyskocilAATTsuse.cz
- fixed bnc#542545: added 32/64bit specific provides to be compatible with
other JVM and OpenOffice.org
Thu Sep 10 14:00:00 2009 mvyskocilAATTsuse.cz
- Updates:
* icedtea6-1.6 - fixes bnc#537969
* hospot 09f7962b8b44
- patches changes:
* added icedtea6-1.6-npplugin-xulrunner191.patch
* added java-1.6.0-openjdk-sparc-fixes.patch (from Fedora)
* added java-1.6.0-openjdk-sparc-hotspot.patch (from Fedora)
* added icedtea6-1.6-no-return-in-nonvoid-function.patch
(allows build on 11.1)
* regenerated java-1.6.0-openjdk-java-access-bridge-security.patch
* regenerated java-1.6.0-openjdk-makefile.patch
* removed icedtead6-1.5-npplugin-xulrunner191.patch
* removed java-1.6.0-openjdk-execvpe.patch
* removed java-1.6.0-openjdk-netx.patch
Wed Aug 19 14:00:00 2009 mvyskocilAATTsuse.cz
- Fixed bnc#530046 - jmap fails: NoSuchSymbolException: Could not find symbol
\"gHotSpotVMTypeEntryTypeNameOffset\"
keep non debug symbols in libjvm.so
Tue Aug 11 14:00:00 2009 mvyskocilAATTsuse.cz
- Updates:
* icedtea6-1.5.1 contains a lot of security fixes from Sun JDK6u15
This includes fixes for:
* bnc#524505: Vulnerability in OpenJDK/NetX
* bnc#514421: XML Signature weakness (HMAC truncation)
- Fixed bnc#521512: lcms pointer dereference
- Dropped some s390 patches, because they was obsoleted and not used
- Fixed bnc#525097 - openjdk installs dead .desktop files
* now removed
*.desktop from %%files of openjdk
Wed Jul 29 14:00:00 2009 mvyskocilAATTsuse.cz
- Updates:
* icedtea-1.5
* visualvm-111
* hotspot 25a020f13592
- Fixed bnc#525097 - openjdk installs dead .desktop files
- Remove archsuffix usage
- patches changes:
* added java-1.6.0-openjdk-accessible-toolkit.patch
* added java-1.6.0-openjdk-netx.patch
* added java-1.6.0-openjdk-execvpe.patch
* added icedtead6-1.5-nppplugin-xulrunner191.patch
* removed openjdk-6-src-b14-confluence-crash.patch
* refreshed java-1.6.0-openjdk-makefile.patch
- new features and fixes:
* Fixed security handling to prevent access denials when there is a site
specific exception in the policy file
* Allow extentions (chrome) to run Java code with full permissions
* Added non-trusted SSL support to WebStart (javaws)
* Added proxy support
* Other improvements that were breaking specific sites (tag parser fix,
nested jar support, etc.)
* Added JVM Console (used by http://chrispederick.com/work/web-developer/)
* Many gervill, java2d, nio2, pulse java, zero/shark, jtreg fixes.
* New IcedTeaNPPlugin
Thu Jun 11 14:00:00 2009 mvyskocilAATTsuse.cz
- Merged fontfonfig for openjdk and Sun:
* Use Sazanami Mincho for monospaced fonts
* Added AWT X11 font paths
Mon May 25 14:00:00 2009 mvyskocilAATTsuse.cz
- Enabled systemtap only for jit architectures only
- Refreshed non-return-in-non-void ppc patch
Fri May 15 14:00:00 2009 mvyskocilAATTsuse.cz
- \'used systemtap-sdt-devel (see bnc#503088)\'
Thu May 14 14:00:00 2009 mvyskocilAATTsuse.cz
- Change version system for openjdk, now it uses a
%%{javaver}.%%{buildver}_%{{openjdkver}
- Enabled systemtap support
- Moved jpackage macro definitions upper in spec
Wed May 13 14:00:00 2009 mvyskocilAATTsuse.cz
- updates:
* openjdk b16
* icedtea snapshot cc658d9f4a64
* hotspot snapshot fc6a5ae3fef5
- new features:
* systemtap support (not yet enabled in SUSE)
* removed gcjwebplugin
* fixed lcms breakage
https://bugs.openjdk.java.net/show_bug.cgi?id=100050
* fixes in JNLP runtime
* various improvements in support of third party VMs (shark, cacao, zero)
- patches changes:
* removed obsoleted pulseaudio patch
* added openjdk-6-src-b16-no-return-in-nonvoid-function.patch
- enabled tests
- build using xulrunner 1.9.1 on 11.2
Tue Apr 21 14:00:00 2009 mvyskocilAATTsuse.cz
- fixed bnc#496378: openjdk has an empty keystore
Tue Apr 14 14:00:00 2009 mvyskocilAATTsuse.cz
- fixed bnc#493146: pulse-java integer overflow
Tue Apr 7 14:00:00 2009 mvyskocilAATTsuse.cz
- fixed bnc#492555: tomcat6 and confluence causes a JVM crash
http://hg.openjdk.java.net/jdk7/hotspot-comp/hotspot/rev/039a914095f4
Fri Apr 3 14:00:00 2009 mvyskocilAATTsuse.cz
- icedtea 1.4.1:
- Fixed version string: Set PRODUCT_NAME to OpenJDK, unless doing a CACAO
build (set to IcedTea).
- Plugin fixes: icedtead bug#264.
- Re-implemented visualvm.
Mon Mar 2 13:00:00 2009 mvyskocilAATTsuse.cz
- fixed ppc/ppc64 build bnc#471829 comment#28
- added openjdk-6-src-b14-no-return-in-nonvoid-function-ppc.patch
