Change logs for openjdk-6 source package in Oneiric

  • openjdk-6 (6b27-1.12.5-0ubuntu0.11.10.1) oneiric-security; urgency=low
    
      * Regenerate the control file.
    
    openjdk-6 (6b27-1.12.5-1) unstable; urgency=low
    
      * IcedTea 1.12.5 release.
      * Security fixes:
        - S6657673, CVE-2013-1518: Issues with JAXP.
        - S7200507: Refactor Introspector internals.
        - S8000724, CVE-2013-2417: Improve networking serialization.
        - S8001031, CVE-2013-2419: Better font processing.
        - S8001040, CVE-2013-1537: Rework RMI model.
        - S8001322: Refactor deserialization.
        - S8001329, CVE-2013-1557: Augment RMI logging.
        - S8003335: Better handling of Finalizer thread.
        - S8003445: Adjust JAX-WS to focus on API.
        - S8003543, CVE-2013-2415: Improve processing of MTOM attachments.
        - S8004261: Improve input validation.
        - S8004336, CVE-2013-2431: Better handling of method handle
          intrinsic frames.
        - S8004986, CVE-2013-2383: Better handling of glyph table.
        - S8004987, CVE-2013-2384: Improve font layout.
        - S8004994, CVE-2013-1569: Improve checking of glyph table.
        - S8005432: Update access to JAX-WS.
        - S8005943: (process) Improved Runtime.exec.
        - S8006309: More reliable control panel operation.
        - S8006435, CVE-2013-2424: Improvements in JMX.
        - S8006790: Improve checking for windows.
        - S8006795: Improve font warning messages.
        - S8007406: Improve accessibility of AccessBridge.
        - S8007617, CVE-2013-2420: Better validation of images.
        - S8007667, CVE-2013-2430: Better image reading.
        - S8007918, CVE-2013-2429: Better image writing.
        - S8009063, CVE-2013-2426: Improve reliability of ConcurrentHashMap.
        - S8009305, CVE-2013-0401: Improve AWT data transfer.
        - S8009699, CVE-2013-2421: Methodhandle lookup.
        - S8009814, CVE-2013-1488: Better driver management.
        - S8009857, CVE-2013-2422: Problem with plugin.
        - RH952389: Temporary files created with insecure permissions.
      * Backports;
        - S7197906: BlockOffsetArray::power_to_cards_back() needs to handle
          > 32 bit shifts
        - S7036559: ConcurrentHashMap footprint and contention improvements.
        - S5102804: Memory leak in Introspector.getBeanInfo(Class) for custom
          BeanInfo: Class param (with WeakCache from S6397609).
        - S6501644: Sync LayoutEngine *code* structure to match ICU.
        - S6886358: Layout code update.
        - S6963811: Deadlock-prone locking changes in Introspector.
        - S7017324: Kerning crash in JDK 7 since ICU layout update.
        - S7064279: Introspector.getBeanInfo() should release some resources
          in timely manner.
        - S8004302: javax/xml/soap/Test7013971.java fails since jdk6u39b01.
        - S7133220: Additional patches to JAXP 1.4.5 update 1 for 7u4 (partial
          for S6657673).
        - S8009530: ICU Kern table support broken.
      * Bug fixes:
        - OJ3: Fix get_stack_bounds memory leak (alternate fix for S7197906).
        - PR1362: Fedora 19 / rawhide FTBFS SIGILL.
        - PR1338: Remove dependency on libXp.
        - PR1339: Simplify the rhino class rewriter to avoid use of concurrency.
        - PR1319: Correct #ifdef to #if
        - Give xalan/xerces access to their own internal packages.
    
    openjdk-6 (6b27-1.12.4-1) unstable; urgency=high
    
      * IcedTea 1.12.4 release.
      * Security fixes:
        - S8007014, CVE-2013-0809: Improve image handling.
        - S8007675, CVE-2013-1493: Improve color conversion.
    
    openjdk-6 (6b27-1.12.3-1) unstable; urgency=high
    
      * IcedTea 1.12.3 release.
      * Security fixes:
        - S8006446: Restrict MBeanServer access.
        - S8006777: Improve TLS handling of invalid messages.
        - S8007688: Blacklist known bad certificate.
      * Backports:
        - S8007393: Possible race condition after JDK-6664509.
        - S8007611: logging behavior in applet changed.
      * Disable bootstrap build on alpha, currently broken.
     -- Jamie Strandboge <email address hidden>   Thu, 25 Apr 2013 08:38:14 -0500
  • openjdk-6 (6b27-1.12.3-0ubuntu1~11.10.1) oneiric-security; urgency=low
    
      * Security fixes:
        - S8007014, CVE-2013-0809: Improve image handling
        - S8007675, CVE-2013-1493: Improve color conversion
        - debian/rules: updated to add 8007014.patch and 8007675.patch
     -- Jamie Strandboge <email address hidden>   Mon, 04 Mar 2013 17:39:13 -0600
  • openjdk-6 (6b27-1.12.3-0ubuntu1~11.10) oneiric-security; urgency=low
    
      * Build for 11.10.
    
    openjdk-6 (6b27-1.12.3-1ubuntu1) raring; urgency=low
    
      * Regenerate the control file.
    
    openjdk-6 (6b27-1.12.3-1) unstable; urgency=high
    
      * IcedTea 1.12.3 release.
      * Security fixes:
        - S8006446: Restrict MBeanServer access.
        - S8006777: Improve TLS handling of invalid messages.
        - S8007688: Blacklist known bad certificate.
      * Backports:
        - S8007393: Possible race condition after JDK-6664509.
        - S8007611: logging behavior in applet changed.
      * Disable bootstrap build on alpha, currently broken.
     -- Matthias Klose <email address hidden>   Tue, 19 Feb 2013 23:57:58 +0100
  • openjdk-6 (6b27-1.12.1-2ubuntu0.11.10.2) oneiric-security; urgency=low
    
      * Upload for oneiric
     -- Jamie Strandboge <email address hidden>   Thu, 07 Feb 2013 21:09:25 -0600
  • openjdk-6 (6b24-1.11.5-0ubuntu1~11.10.1) oneiric-security; urgency=low
    
      * Build for oneiric.
    
    openjdk-6 (6b24-1.11.5-0ubuntu1) quantal-security; urgency=low
    
      * IcedTea 1.11.5 release.
      * Security fixes
        - S6631398, CVE-2012-3216: FilePermission improved path checking.
        - S7093490: adjust package access in rmiregistry.
        - S7143535, CVE-2012-5068: ScriptEngine corrected permissions.
        - S7167656, CVE-2012-5077: Multiple Seeders are being created.
        - S7169884, CVE-2012-5073: LogManager checks do not work correctly
          for sub-types.
        - S7169888, CVE-2012-5075: Narrowing resource definitions in JMX RMI
          connector.
        - S7172522, CVE-2012-5072: Improve DomainCombiner checking.
        - S7186286, CVE-2012-5081: TLS implementation to better adhere to RFC.
        - S7189103, CVE-2012-5069: Executors needs to maintain state.
        - S7189490: More improvements to DomainCombiner checking.
        - S7189567, CVE-2012-5085: java net obselete protocol.
        - S7192975, CVE-2012-5071: Conditional usage check is wrong.
        - S7195194, CVE-2012-5084: Better data validation for Swing.
        - S7195917, CVE-2012-5086: XMLDecoder parsing at close-time should be
          improved.
        - S7195919, CVE-2012-5079: (sl) ServiceLoader can throw CCE without needing
          to create instance.
        - S7198296, CVE-2012-5089: Refactor classloader usage.
        - S7158800: Improve storage of symbol tables.
        - S7158801: Improve VM CompileOnly option.
        - S7158804: Improve config file parsing.
        - S7176337: Additional changes needed for 7158801 fix.
        - S7198606, CVE-2012-4416: Improve VM optimization.
      * Bug fixes
        - S7175845: "jar uf" changes file permissions unexpectedly.
        - S7177216: native2ascii changes file permissions of input file.
        - S7199153: TEST_BUG: try-with-resources syntax pushed to 6-open repo.
    
    openjdk-6 (6b24-1.11.4-3ubuntu1) quantal; urgency=low
    
      * Merge with Debian.
    
    openjdk-6 (6b24-1.11.4-3) unstable; urgency=low
    
      * Regenerate the control file to fix build dependencies on mips/mipsel.
    
    openjdk-6 (6b24-1.11.4-2) unstable; urgency=low
    
      * Remove the autoconf Xp check.
     -- Matthias Klose <email address hidden>   Thu, 18 Oct 2012 11:26:38 +0200
  • openjdk-6 (6b24-1.11.4-1ubuntu0.11.10.1) oneiric-security; urgency=low
    
      * SECURITY UPDATE: Update to IcedTea 6 1.11.4
        - Security fixes:
          - S7162476, CVE-2012-1682: XMLDecoder security issue via
            ClassFinder
          - S7163201, CVE-2012-0547: Simplify toolkit internals references
        - Bug fixes:
          - S7182135: Impossible to use some editors directly
          - S7185678: java/awt/Menu/NullMenuLabelTest/NullMenuLabelTest.java
            failed with NPE
     -- Steve Beattie <email address hidden>   Fri, 31 Aug 2012 22:16:29 -0700
  • openjdk-6 (6b24-1.11.3-1ubuntu0.11.10.1) oneiric-security; urgency=low
    
      * Backport OpenJDK 6b24/IcedTea 1.11.3 to oneiric.
      * debian/patches/java-access-bridge-security.patch: updated
      * debian/control.zero-jre: add powerpc arch back, to get empty
        transitional package
      * debian/rules: install README.Debian for openjdk-6-jre-zero to create
        empty transitional package and create package
      * debian/README.Debian: explain openjdk-6-jre-zero went away
      * regenerate debian/control
      * add back build depends on g++-4.5 for armel/armhf
    
    openjdk-6 (6b24-1.11.3-1ubuntu0.12.04.1) precise-security; urgency=low
    
      * SECURITY UPDATE: update to IcedTea 6 1.11.3
        - Security fixes:
          - S7079902, CVE-2012-1711: Refine CORBA data models
          - S7110720: Issue with vm config file loadingIssue with vm
            config file loading
          - S7143606, CVE-2012-1717: File.createTempFile should be improved
            for temporary files created by the platform.
          - S7143614, CVE-2012-1716: SynthLookAndFeel stability improvement
          - S7143617, CVE-2012-1713: Improve fontmanager layout lookup
            operations
          - S7143851, CVE-2012-1719: Improve IIOP stub and tie generation
            in RMIC
          - S7143872, CVE-2012-1718: Improve certificate extension
            processing
          - S7145239: Finetune package definition restriction
          - S7152811, CVE-2012-1723: Issues in client compiler
          - S7157609, CVE-2012-1724: Issues with loop
          - S7160677: missing else in fix for 7152811
          - S7160757, CVE-2012-1725: Problem with hotspot/runtime_classfile
        - Bug fixes:
          - PR1018: JVM fails due to SEGV during rendering some Unicode
            characters (part of 6886358)
      * Changelog, Makefile.am, aclocal.m4,
        arm_port/hotspot/src/cpu/zero/vm/asm_helper.cpp,
        patches/idresolver_fix.patch,
        patches/openjdk/6792400-Avoid_loading_Normalizer_resources.patch:
        drop inline changes, applied upstream
      * debian/patches/atk-wrapper-security.patch: updated
      * Makefile.{am,in}: don't apply patches/jtreg-LastErrorString.patch as
        it causes the testsuite runner to fail.
     -- Steve Beattie <email address hidden>   Thu, 28 Jun 2012 12:14:37 -0700
  • openjdk-6 (6b23~pre11-0ubuntu1.11.10.2) oneiric-security; urgency=low
    
      * SECURITY UPDATE: apply patches from IcedTea 6 1.11.1
        - Security fixes:
          - patches/security/20120214/7082299.patch:
            S7082299, CVE-2011-3571: Fix in AtomicReferenceArray
          - patches/security/20120214/7088367.patch:
            S7088367, CVE-2011-3563: Fix issues in java sound
          - patches/security/20120214/7110683.patch:
            S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager
            method
          - patches/security/20120214/7110687.patch:
            S7110687, CVE-2012-0503: Issues with TimeZone class
          - patches/security/20120214/7110700.patch:
            S7110700, CVE-2012-0505: Enhance exception throwing mechanism
            in ObjectStreamClass
          - patches/security/20120214/7110704.patch:
            S7110704, CVE-2012-0506: Issues with some method in corba
          - patches/security/20120214/7112642.patch:
            S7112642, CVE-2012-0497: Incorrect checking for graphics
            rendering object
          - patches/security/20120214/7118283.patch:
            S7118283, CVE-2012-0501: Better input parameter checking in
            zip file processing
          - patches/security/20120214/7126960.patch:
            S7126960, CVE-2011-5035: (httpserver) Add property to limit
            number of request headers to the HTTP Server
          - patches applied inline due to significant differences between
            the oneiric snapshot and icedtea6 1.11
      * Makefile.{am,in}:
        - apply patches
        - applied inline
     -- Steve Beattie <email address hidden>   Wed, 22 Feb 2012 13:18:00 -0800
  • openjdk-6 (6b23~pre11-0ubuntu1.11.10.1) oneiric-security; urgency=low
    
      * debian/patches/openjdk-7103725-ssl_beast_regression.patch:
        Add regression fix for broken ssl connectivity when using
        TLS_DH_anon_WITH_AES_128_CBC_SHA (LP: #891761)
     -- Steve Beattie <email address hidden>   Wed, 18 Jan 2012 16:05:20 -0800
  • openjdk-6 (6b23~pre11-0ubuntu1.11.10) oneiric-security; urgency=low
    
      * Build for oneiric.
    
    openjdk-6 (6b23~pre11-1) unstable; urgency=high
    
      * Build with jpeg8. Closes: #644070.
      * Tighten inter-package dependencies for Debian builds. Closes: #641240.
    
    openjdk-6 (6b23~pre11-0ubuntu1) precise; urgency=low
    
      * Update from the IcedTea6 branch (20111019) LP: #878684.
        - Security fixes:
          - S7000600, CVE-2011-3547: InputStream skip() information leak.
          - S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor.
          - S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow.
          - S7032417, CVE-2011-3552: excessive default UDP socket limit under
            SecurityManager.
          - S7046794, CVE-2011-3553: JAX-WS stack-traces information leak.
          - S7046823, CVE-2011-3544: missing SecurityManager checks in scripting
            engine.
          - S7055902, CVE-2011-3521: IIOP deserialization code execution.
          - S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress
            error checks.
          - S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack
            against SSL/TLS (BEAST).
          - S7070134, CVE-2011-3558: HotSpot crashes with sigsegv from
            PorterStemmer.
          - S7077466, CVE-2011-3556: RMI DGC server remote code execution.
          - S7083012, CVE-2011-3557: RMI registry privileged code execution.
          - S7096936, CVE-2011-3560: missing checkSetFactory calls in
            HttpsURLConnection.
        - Update JamVM.
          - Implement classlibCheckIfOnLoad().
          - Make thread states JVMTI compatible.
          - Handle 'g' when specifying memory + extra checks.
          - Make command line compatibility options table-driven.
        - Update CACAO.
    
    openjdk-6 (6b23~pre10-1) unstable; urgency=low
    
      [ Matthias Klose ]
      * Fix exception on trying to start PulseAudio playback on ARM (Xerxes
        Rånby, David Henningsson). LP: #862286.
    
      [ Damien Raude-Morvan ]
      * Add myself to Uploaders.
      * d/rules: Fix java.policy to include jre/lib/ext/* files (instead of
        non-existant ext/*). It'll restore privilegied access from sunpkcs11.jar
        to sun.* code. (Closes: #642734, #642598).
     -- Matthias Klose <email address hidden>   Thu, 20 Oct 2011 18:05:17 +0200
  • openjdk-6 (6b23~pre10-0ubuntu5) oneiric; urgency=low
    
      * Enable pulseaudio to work in combination with JVMs that strictly
        implement the JNI spec (Fixes pulseaudio on armel/armhf).
     -- Matthias Klose <email address hidden>   Tue, 04 Oct 2011 13:43:47 +0200
  • openjdk-6 (6b23~pre10-0ubuntu4) oneiric; urgency=low
    
      [ Matthias Klose ]
      * Fix exception on trying to start PulseAudio playback on ARM (Xerxes
        Rånby, David Henningsson). LP: #862286.
    
      [ Damien Raude-Morvan ]
      * Add myself to Uploaders.
      * d/rules: Fix java.policy to include jre/lib/ext/* files (instead of
        non-existant ext/*). It'll restore privilegied access from sunpkcs11.jar
        to sun.* code. (Closes: #642734, #642598).
     -- Matthias Klose <email address hidden>   Thu, 29 Sep 2011 17:28:29 +0200
  • openjdk-6 (6b23~pre10-0ubuntu3) oneiric; urgency=low
    
      * Don't use the broken symlink to build on armel.
     -- Matthias Klose <email address hidden>   Tue, 27 Sep 2011 15:43:03 +0200
  • openjdk-6 (6b23~pre10-0ubuntu2) oneiric; urgency=low
    
      * Fix dangling java-1.6.0-openjdk symlink.
     -- Matthias Klose <email address hidden>   Tue, 27 Sep 2011 14:04:08 +0200
  • openjdk-6 (6b23~pre10-0ubuntu1) oneiric; urgency=low
    
      * Update from the IcedTea6 branch (20110926).
        - OpenJDK:
          - S6826104: Getting a NullPointer exception when clicked on
            Application & Toolkit Modal dialog.
          - S5082756: Image I/O plug-ins set metadata boolean attributes to "true"
            or "false".
          - S6296893: BMP Writer handles TopDown property incorrectly for some
            of the compression types.
        - JamVM:
          - Add support for armhf.
          - Skip Java-reflection-related DelegatingClassLoaders, enables JamVM
            to run NetBeans.
          - Generic JNI stubs for common JNI method signatures.
          - Fix memory heap arguments in terms of gigabytes.
          - armhf: ensure stack is 8 byte aligned.
        - CACAO:
          - CA149: Used wrong class loader.
          - src/vm/javaobjects.cpp (java_lang_reflect_Method::invoke): [OPENJDK] stack
          - index of caller was off by one, causing many apt (Annotation Processing Tool)
            failures.
      * Default to JamVM on armhf.
     -- Matthias Klose <email address hidden>   Mon, 26 Sep 2011 15:23:21 +0200
  • openjdk-6 (6b23~pre8-1ubuntu1) oneiric; urgency=low
    
      * Merge with Debian.
    
    openjdk-6 (6b23~pre8-1) unstable; urgency=low
    
      * Update from the IcedTea6 branch (20110820).
        - JamVM updates.
      * Build using GCC-4.4 on sparc and sparc64.
      * Enable testsuite runs in s390x.
    
    openjdk-6 (6b23~pre7-1) unstable; urgency=low
    
      * Update from the IcedTea6 branch (20110816).
        - JamVM updates.
      * Fix typo for s390x build.
     -- Matthias Klose <email address hidden>   Sat, 20 Aug 2011 14:21:52 +0200
  • openjdk-6 (6b23~pre7-1ubuntu1) oneiric; urgency=low
    
      * Update JamVM.
    
    openjdk-6 (6b23~pre7-1) unstable; urgency=low
    
      * Update from the IcedTea6 branch (20110816).
        - JamVM updates.
      * Fix typo for s390x build.
    
    openjdk-6 (6b23~pre6-1) unstable; urgency=low
    
      * Update from the IcedTea6 branch (20110814).
      * Disable cacao for armhf.
      * Build using g++-4.5 on armhf.
      * Call dbus-launch --exit-with-session in testsuite. Closes: #612394.
      * Build for s390x using Zero.
    
    openjdk-6 (6b23~pre5-1) experimental; urgency=low
    
      * Build using GCC-4.4 on mips/mipsel. Closes: #628621.
     -- Matthias Klose <email address hidden>   Tue, 16 Aug 2011 09:37:30 +0200
  • openjdk-6 (6b23~pre5-0ubuntu1) oneiric; urgency=low
    
      * Update from the IcedTea6 branch (20110810).
      * Build using GCC-4.4 on mips/mipsel.
     -- Matthias Klose <email address hidden>   Wed, 10 Aug 2011 10:46:25 +0200
  • openjdk-6 (6b23~pre4-2ubuntu1) oneiric; urgency=low
    
      * Regenerate the control file.
    
    openjdk-6 (6b23~pre4-2) experimental; urgency=low
    
      * openjdk-6-jre-headless: Depend on icedtea-6-jre-jamvm, if it's
        the default VM.
      * Use gcj-4.4 as the stage1 java VM on mips and mipsel.
      * Explicitly build-depend on xsltproc.
    
    openjdk-6 (6b23~pre4-1) experimental; urgency=low
    
      * Upload to experimental.
     -- Matthias Klose <email address hidden>   Mon, 08 Aug 2011 14:39:49 +0200
  • openjdk-6 (6b23~pre4-0ubuntu1) oneiric; urgency=low
    
      * Update from the IcedTea6 branch (20110802).
      * Updated JamVM to the 2011-08-01 revision.
      * Make JamVM the default VM on Ubuntu oneiric/ARM.
      * Fix build on sparc.
      * Depend on libnss3 in multiarch location. Closes: #634058, #635111.
     -- Matthias Klose <email address hidden>   Tue, 02 Aug 2011 19:25:57 +0200
  • openjdk-6 (6b23~pre3-0ubuntu2) oneiric; urgency=low
    
      * Build using g++-4.5 on oneiric/armel.
     -- Matthias Klose <email address hidden>   Sat, 09 Jul 2011 13:03:28 +0200
  • openjdk-6 (6b23~pre3-0ubuntu1) oneiric; urgency=low
    
      * Update to the b23-05_jul_2011 tarball.
        - Includes fixes for security issues:
        - S6213702, CVE-2011-0872: (so) non-blocking sockets with TCP urgent
          disabled get still selected for read ops (win)
        - S6618658, CVE-2011-0865: Vulnerability in deserialization
        - S7012520, CVE-2011-0815: Heap overflow vulnerability in
          FileDialog.show()
        - S7013519, CVE-2011-0822, CVE-2011-0862: Integer overflows in 2D code
        - S7013969, CVE-2011-0867: NetworkInterface.toString can reveal
          bindings
        - S7013971, CVE-2011-0869: Vulnerability in SAAJ
        - S7016340, CVE-2011-0870: Vulnerability in SAAJ
        - S7016495, CVE-2011-0868: Crash in Java 2D transforming an image with
          scale close to zero
        - S7020198, CVE-2011-0871: ImageIcon creates Component with null acc
        - S7020373, CVE-2011-0864: JSR rewriting can overflow memory address
          size variables
      * Don't build with -Werror on sparc.
      * Build shark using llvm-2.9.
     -- Matthias Klose <email address hidden>   Thu, 07 Jul 2011 22:31:12 +0200
  • openjdk-6 (6b23~pre2-0ubuntu2) oneiric; urgency=low
    
      * Don't run the jdk jtreg test with JamVM.
     -- Matthias Klose <email address hidden>   Sun, 29 May 2011 07:52:04 +0200
  • openjdk-6 (6b23~pre2-0ubuntu1) oneiric; urgency=low
    
      * Fix non-bootstrap builds.
      * Depend against multiarch libnss3. LP: #779174.
      * Run jtreg tests using JamVM too.
      * Don't run the jtreg tests with the NSS security provider enabled.
      * Update JamVM to 20110528.
     -- Matthias Klose <email address hidden>   Sat, 28 May 2011 15:43:50 +0200
  • openjdk-6 (6b23~pre1-0ubuntu2) oneiric; urgency=low
    
      * Build using g++-4.6 on oneiric.
     -- Matthias Klose <email address hidden>   Tue, 17 May 2011 17:38:08 +0200
  • openjdk-6 (6b23~pre1-0ubuntu1) oneiric; urgency=low
    
      * Update from the IcedTea6 branch (20110517).
      * Add lcms configury.
      * Build on ARM using the zero port (without the ARM assembler interpreter).
      * Build-depend against multiarch libnss3. LP: #783941.
     -- Matthias Klose <email address hidden>   Tue, 17 May 2011 17:01:37 +0200
  • openjdk-6 (6b22-1.10.1-0ubuntu1) natty; urgency=low
    
      * IcedTea6 1.10.1 release.
     -- Matthias Klose <email address hidden>   Tue, 05 Apr 2011 12:20:36 +0200