openjdk-8 8u111-b14-2ubuntu0.16.04.2 source package in Ubuntu

Changelog

openjdk-8 (8u111-b14-2ubuntu0.16.04.2) xenial-security; urgency=medium

  * Backport to 16.04.

openjdk-8 (8u111-b14-2ubuntu0.16.10.2) yakkety-security; urgency=medium

  * debian/rules: remove samevm/othervm options from jtreg tests.
  * debian/buildwatch.sh: noisy and quiet logic blocks were swapped.

openjdk-8 (8u111-b14-2ubuntu0.16.10.1) yakkety-security; urgency=medium

  * Security fixes in 8u111:
    - CVE-2016-5568, S8158993: Service Menu services.
    - CVE-2016-5582, S8160591: Improve internal array handling.
    - CVE-2016-5573, S8159519: Reformat JDWP messages.
    - CVE-2016-5597, S8160838: Better HTTP service.
    - CVE-2016-5554, S8157739: Classloader Consistency Checking.
    - CVE-2016-5542, S8155973: Tighten jar checks.
  * debian/rules: removed all mauve and cacao references, updated jtreg tests
    to use agentvm and auto concurrency, use autoconf 2.68 for precise.
  * debian/buildwatch.sh: updated to stop it if no 'make' process is running,
    as it probably means that the build failed - otherwise buildwatch keeps
    the builder alive until it exits after the timer (3 hours by default)
    expires.
  * debian/control.in: removed mauve and cacao references.
  * debian/copyright.cacao: deleted file.
  * debian/README.source: removed cacao and mauve references.
  * debian/patches/aarch64.diff: removed cacao vm reference.
  * debian/patches/autoconf-2.68.diff: reduce minimum autoconf requirement to
    2.68.
  * debian/patches/autoconf-select.diff: deleted file as it has been replaced
    by autoconf 2.68 changes for precise.
  * debian/patches/cacao-armv4.diff: deleted file.
  * debian/tests/control: added autopkgtest to run jtreg testsuite.
  * debian/tests/jtreg-autopkgtest: run jtreg tests on autopkgtest.

openjdk-8 (8u111-b14-2) unstable; urgency=high

  * Apply the kfreebsd patches conditionally.

openjdk-8 (8u111-b14-1) unstable; urgency=high

  * Update to 8u111-b14, including security fixes.
  * Enable hotspot builds for sparc64. Closes: #835973.

openjdk-8 (8u102-b14.1-2) unstable; urgency=medium

  * Fix build failure with GCC 6. Closes: #811694.
  * Fix JamVM, lacking JVM_GetResourceLookupCacheURLs (Xerxes Rånby).
    Closes: #826206.
  * Explicitly build using GCC 6.

openjdk-8 (8u102-b14.1-1) unstable; urgency=medium

  * Use the 8u101 tarballs instead of the 8u102 tarballs (inventing a fake
    version number).

openjdk-8 (8u102-b14-2) unstable; urgency=medium

  * Update AArch64 and KFreeBSD patches.

openjdk-8 (8u102-b14-1) unstable; urgency=medium

  * Update to 8u101-b14, including security fixes:
  * IIOP Input Stream Hooking. CVE-2016-3458:
    defaultReadObject is not forbidden in readObject in subclasses of
    InputStreamHook which provides leverage to deserialize malicious objects
    if a reference to the input stream can be obtained separately.
  * Complete name checking. S8148872, CVE-2016-3500:
    In some cases raw names in XML data are not checked for length limits
    allowing for DoS attacks.
  * Better delineation of XML processing. S8149962, CVE-2016-3508:
    Denial of service measures do not take newline characters into account.
    This can be used to conduct attacks like the billion laughs DoS.
  * Coded byte streams. S8152479, CVE-2016-3550:
    A fuzzed class file triggers an integer overflow in array access.
  * Clean up lookup visibility. S8154475, CVE-2016-3587:
    A fast path change allowed access to MH.invokeBasic via the public lookup
    object. MH.iB does not do full type checking which can be used to create
    type confusion.
  * Bolster bytecode verification. S8155981, CVE-2016-3606:
    The bytecode verifier checks that any classes' <init> method calls
    super.<init> before returning. There is a way to bypass this requirement
    which allows creating subclasses of classes that are not intended to be
    extended.
  * Persistent Parameter Processing. S8155985, CVE-2016-3598:
    TOCTOU issue with types List passed into dropArguments() which can be used
    to cause type confusion.
  * Additional method handle validation. S8158571, CVE-2016-3610:
    MHs.filterReturnValue does not check the filter parameter list size.
    The single expected parameter is put in the last parameter position for
    the filter MH allowing for type confusion.
  * Enforce GCM limits. S8146514:
    In GCM the counter should not be allowed to wrap (per the spec), since that
    plus exposing the encrypted data could lead to leaking information.
  * Construction of static protection domains. S8147771:
    SubjectDomainCombiner does not honor the staticPermission field and will
    create ProtectionDomains that vary with the system policy which may allow
    unexpected permission sets.
  * Share Class Data. S8150752:
    Additional verification of AppCDS archives is required to prevent an
    attacker from creating a type confusion situation.
  * Enforce update ordering. S8149070:
    If the GCM methods update() and updateAAD() are used out of order, the
    security of the system can be weakened and an exception should be thrown
    to warn the developer.
  * Constrain AppCDS behavior. S8153312:
    AppCDS does not create classloader constraints upon reloading classes
    which could allow class spoofing under some circumstances.

 -- Tiago Stürmer Daitx <email address hidden>  Thu, 27 Oct 2016 14:18:35 +0000

Upload details

Uploaded by: Tiago Stürmer Daitx on 2016-10-27
Uploaded to: Xenial
Original maintainer: OpenJDK
Architectures: alpha amd64 armel armhf arm64 i386 ia64 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el m68k sh4 sparc sparc64 s390x x32 kfreebsd-i386 kfreebsd-amd64 all
Section: java
Urgency: Very Urgent

Downloads

File Size SHA-256 Checksum
openjdk-8_8u111-b14.orig.tar.gz 61.0 MiB 353e7382c88bcf2b10d673b9b305c87ed733bd00c02b8497c565b37741ae1c30
openjdk-8_8u111-b14-2ubuntu0.16.04.2.debian.tar.xz 227.3 KiB b51a22600b5a393059f1444eb1b12b8a005f646d19bdf571f55aed9be1bbd57f
openjdk-8_8u111-b14-2ubuntu0.16.04.2.dsc 4.5 KiB 3c4974ee94759fcd494a777da49cfd20c14571b00e9a404d73ee3887bb21f8af

Binary packages built by this source

openjdk-8-dbg: Java runtime based on OpenJDK (debugging symbols)

 OpenJDK is a development environment for building applications,
 applets, and components using the Java programming language.
 .
 This package contains the debugging symbols.
 .
 The packages are built using the IcedTea build support and patches
 from the IcedTea project.

openjdk-8-demo: Java runtime based on OpenJDK (demos and examples)

 OpenJDK Java runtime
 .
 The packages are built using the IcedTea build support and patches
 from the IcedTea project.

openjdk-8-doc: OpenJDK Development Kit (JDK) documentation

 OpenJDK is a development environment for building applications,
 applets, and components using the Java programming language.
 .
 This package contains the API documentation.
 .
 The packages are built using the IcedTea build support and patches
 from the IcedTea project.

openjdk-8-jdk: OpenJDK Development Kit (JDK)

 OpenJDK is a development environment for building applications,
 applets, and components using the Java programming language.
 .
 The packages are built using the IcedTea build support and patches
 from the IcedTea project.

openjdk-8-jdk-headless: OpenJDK Development Kit (JDK) (headless)

 OpenJDK is a development environment for building applications,
 applets, and components using the Java programming language.
 .
 The packages are built using the IcedTea build support and patches
 from the IcedTea project.

openjdk-8-jre: OpenJDK Java runtime, using Hotspot Zero

 Full Java runtime environment - needed for executing Java GUI and Webstart
 programs, using Hotspot Zero.
 .
 The packages are built using the IcedTea build support and patches
 from the IcedTea project.

openjdk-8-jre-headless: OpenJDK Java runtime, using Hotspot Zero (headless)

 Minimal Java runtime - needed for executing non GUI Java programs,
 using Hotspot Zero.
 .
 The packages are built using the IcedTea build support and patches
 from the IcedTea project.

openjdk-8-jre-jamvm: Transitional package for obsolete JamVM for OpenJDK

 JamVM support was removed for recent versions of OpenJDK 8.
 .
 This is a transitional package which can be safely removed.

openjdk-8-jre-zero: Alternative JVM for OpenJDK, using Zero/Shark

 The package provides an alternative runtime using the Zero VM and the
 Shark Just In Time Compiler (JIT). Built on architectures in addition
 to the Hotspot VM as a debugging aid for those architectures which don't
 have a Hotspot VM.
 .
 The VM is started with the option `-zero'. See the README.Debian for details.

openjdk-8-source: OpenJDK Development Kit (JDK) source files

 OpenJDK is a development environment for building applications,
 applets, and components using the Java programming language.
 .
 This package contains the Java programming language source files
 (src.zip) for all classes that make up the Java core API.
 .
 The packages are built using the IcedTea build support and patches
 from the IcedTea project.