-
openjdk-7 (7u51-2.4.4-0ubuntu0.13.04.2) raring-security; urgency=medium
* Backport for Ubuntu 13.04
* debian/control{,.in}: Breaks icedtea-netx (<< 1.3.2-1ubuntu1.1)
* debian/patches/ecj-multicatch-c5db461b91c7.diff: add a few missing
multicatch conversions. This can be dropped in IcedTea 2.4.5.
-- Jamie Strandboge <email address hidden> Wed, 15 Jan 2014 21:23:46 -0600
-
openjdk-7 (7u25-2.3.10-1ubuntu0.13.04.2) raring-security; urgency=low
* Backport for raring
* debian/control{,.in}: Breaks icedtea-netx (<< 1.3.2-1ubuntu1.1)
openjdk-7 (7u25-2.3.10-1ubuntu1) saucy; urgency=low
* Regenerate the control file.
openjdk-7 (7u25-2.3.10-1) unstable; urgency=high
* IcedTea7 2.3.10 release.
* Security fixes
* S6741606, CVE-2013-2407: Integrate Apache Santuario.
* S7158805, CVE-2013-2445: Better rewriting of nested subroutine calls.
* S7170730, CVE-2013-2451: Improve Windows network stack support.
* S8000638, CVE-2013-2450: Improve deserialization.
* S8000642, CVE-2013-2446: Better handling of objects for transportation.
* S8001032: Restrict object access.
* S8001033, CVE-2013-2452: Refactor network address handling in virtual
machine identifiers.
* S8001034, CVE-2013-1500: Memory management improvements.
* S8001038, CVE-2013-2444: Resourcefully handle resources.
* S8001043: Clarify definition restrictions.
* S8001308: Update display of applet windows.
* S8001309: Better handling of annotation interfaces.
* S8001318, CVE-2013-2447: Socket.getLocalAddress not consistent with
InetAddress.getLocalHost.
* S8001330, CVE-2013-2443: Improve on checking order (non-Zero builds only).
* S8003703, CVE-2013-2412: Update RMI connection dialog box.
* S8004288, CVE-2013-2449: (fs) Files.probeContentType problems.
* S8004584: Augment applet contextualization.
* S8005007: Better glyph processing.
* S8006328, CVE-2013-2448: Improve robustness of sound classes.
* S8006611: Improve scripting.
* S8007467: Improve robustness of JMX internal APIs.
* S8007471: Improve MBean notifications.
* S8007812, CVE-2013-2455: (reflect) Class.getEnclosingMethod problematic for some classes.
* S8007925: Improve cmsStageAllocLabV2ToV4curves.
* S8007926: Improve cmsPipelineDup.
* S8007927: Improve cmsAllocProfileSequenceDescription.
* S8007929: Improve CurvesAlloc.
* S8008120, CVE-2013-2457: Improve JMX class checking.
* S8008124, CVE-2013-2453: Better compliance testing.
* S8008128: Better API coherence for JMX.
* S8008132, CVE-2013-2456: Better serialization support.
* S8008585: Better JMX data handling.
* S8008593: Better URLClassLoader resource management.
* S8008603: Improve provision of JMX providers.
* S8008607: Better input checking in JMX.
* S8008611: Better handling of annotations in JMX.
* S8008615: Improve robustness of JMX internal APIs.
* S8008623: Better handling of MBeanServers.
* S8008744, CVE-2013-2407: Rework part of fix for JDK-6741606.
* S8008982: Adjust JMX for underlying interface changes.
* S8009004: Better implementation of RMI connections.
* S8009008: Better manage management-api.
* S8009013: Better handling of T2K glyphs.
* S8009034: Improve resulting notifications in JMX.
* S8009038: Improve JMX notification support.
* S8009057, CVE-2013-2448: Improve MIDI event handling.
* S8009067: Improve storing keys in KeyStore.
* S8009071, CVE-2013-2459: Improve shape handling.
* S8009235: Improve handling of TSA data.
* S8009424, CVE-2013-2458: Adapt Nashorn to JSR-292 implementation change.
* S8009554, CVE-2013-2454: Improve SerialJavaObject.getFields.
* S8009654: Improve stability of cmsnamed.
* S8010209, CVE-2013-2460: Better provision of factories.
* S8011243, CVE-2013-2470: Improve ImagingLib.
* S8011248, CVE-2013-2471: Better Component Rasters.
* S8011253, CVE-2013-2472: Better Short Component Rasters.
* S8011257, CVE-2013-2473: Better Byte Component Rasters.
* S8012375, CVE-2013-1571: Improve Javadoc framing.
* S8012421: Better positioning of PairPositioning.
* S8012438, CVE-2013-2463: Better image validation.
* S8012597, CVE-2013-2465: Better image channel verification.
* S8012601, CVE-2013-2469: Better validation of image layouts.
* S8014281, CVE-2013-2461: Better checking of XML signature.
* S8015997: Additional improvement in Javadoc framing.
* Breaks icedtea-netx (<< 1.4-2).
openjdk-7 (7u21-2.3.9-5) unstable; urgency=low
* Update kFreeBSD support (Guido Guenther). Closes: #708818.
* Stop building the transitional cacao package for sid.
openjdk-7 (7u21-2.3.9-4) unstable; urgency=high
* Build the transitional cacao package for sid as well. Apparently
some buildds are not updated to list wheezy as the code name for
the current distribution.
openjdk-7 (7u21-2.3.9-3) unstable; urgency=high
* Disable the cacao build again, causing build failures on i386 and s390.
* Build a transitional cacao jre package instead.
openjdk-7 (7u21-2.3.9-2) unstable; urgency=high
* On ia64, use gcj-4.7 for the bootstrap build.
* Drop the cacao jre from recommends to suggests.
* Re-enable cacao, was enabled in the 2.1.x series.
-- Jamie Strandboge <email address hidden> Wed, 03 Jul 2013 08:09:30 -0500
-
openjdk-7 (7u21-2.3.9-1ubuntu1) raring; urgency=low
* Regenerate the control file.
openjdk-7 (7u21-2.3.9-1) unstable; urgency=high
* IcedTea7 2.3.9 release.
* Security fixes:
- S6657673, CVE-2013-1518: Issues with JAXP.
- S7200507: Refactor Introspector internals.
- S8000724, CVE-2013-2417: Improve networking serialization.
- S8001031, CVE-2013-2419: Better font processing.
- S8001040, CVE-2013-1537: Rework RMI model.
- S8001322: Refactor deserialization.
- S8001329, CVE-2013-1557: Augment RMI logging.
- S8003335: Better handling of Finalizer thread.
- S8003445: Adjust JAX-WS to focus on API.
- S8003543, CVE-2013-2415: Improve processing of MTOM attachments.
- S8004261: Improve input validation.
- S8004336, CVE-2013-2431: Better handling of method handle intrinsic frames.
- S8004986, CVE-2013-2383: Better handling of glyph table.
- S8004987, CVE-2013-2384: Improve font layout.
- S8004994, CVE-2013-1569: Improve checking of glyph table.
- S8005432: Update access to JAX-WS.
- S8005943: (process) Improved Runtime.exec.
- S8006309: More reliable control panel operation.
- S8006435, CVE-2013-2424: Improvements in JMX.
- S8006790: Improve checking for windows.
- S8006795: Improve font warning messages.
- S8007406: Improve accessibility of AccessBridge.
- S8007617, CVE-2013-2420: Better validation of images.
- S8007667, CVE-2013-2430: Better image reading.
- S8007918, CVE-2013-2429: Better image writing.
- S8008140: Better method handle resolution.
- S8009049, CVE-2013-2436: Better method handle binding.
- S8009063, CVE-2013-2426: Improve reliability of ConcurrentHashMap.
- S8009305, CVE-2013-0401: Improve AWT data transfer.
- S8009677, CVE-2013-2423: Better setting of setters.
- S8009699, CVE-2013-2421: Methodhandle lookup.
- S8009814, CVE-2013-1488: Better driver management.
- S8009857, CVE-2013-2422: Problem with plugin.
* Backports:
- S7130662: GTK file dialog crashes with a NPE.
* Bug fixes
- PR1363: Fedora 19 / rawhide FTBFS SIGILL.
- PR1401: Fix Zero build on 2.3.8.
- Fix offset problem in ICU LETableReference.
- Change -Werror fix to preserve OpenJDK default.
- PR1303: Correct #ifdef to #if.
- PR1404: Failure to bootstrap with ecj 4.2.
-- Matthias Klose <email address hidden> Mon, 22 Apr 2013 03:45:39 +0200
-
openjdk-7 (7u17-2.3.8-1ubuntu1) raring; urgency=low
* Regenerate the control file.
openjdk-7 (7u17-2.3.8-1) experimental; urgency=low
* IcedTea7 2.3.8 release.
* Security fixes:
- S8007014, CVE-2013-0809: Improve image handling.
- S8007675, CVE-2013-1493: Improve color conversion.
* Backports:
- S8002344: Krb5LoginModule config class does not return proper KDC list
from DNS.
- S8004344: Fix a crash in ToolkitErrorHandler() in XlibWrapper.c.
- S8006179: JSR292 MethodHandles lookup with interface using findVirtual().
- S8006882: Proxy generated classes in sun.proxy package breaks JMockit.
* Bug fixes:
- PR1303: Correct #ifdef to #if.
- PR1340: Simplify the rhino class rewriter to avoid use of concurrency.
- Revert 7017193 and add the missing free call, until a better fix is ready.
-- Matthias Klose <email address hidden> Sun, 31 Mar 2013 20:10:05 +0200
-
openjdk-7 (7u15-2.3.7-1ubuntu2) raring; urgency=low
* Security fixes:
- S8007014, CVE-2013-0809: Improve image handling
- S8007675, CVE-2013-1493: Improve color conversion
- debian/rules: updated to add 8007014.patch and 8007675.patch
-- Jamie Strandboge <email address hidden> Wed, 06 Mar 2013 14:12:03 -0600
-
openjdk-7 (7u15-2.3.7-1ubuntu1) raring; urgency=low
* Regenerate the control file.
openjdk-7 (7u15-2.3.7-1) experimental; urgency=low
* IcedTea7 2.3.7 release.
* Security fixes:
- S8004937, CVE-2013-1484: Improve proxy construction.
- S8006439, CVE-2013-1485: Improve MethodHandles coverage.
- S8006446, CVE-2013-1486: Restrict MBeanServer access.
- S8006777, CVE-2013-0169: Improve TLS handling of invalid messages.
- S8007688: Blacklist known bad certificate.
* Backports:
- S8007393: Possible race condition after JDK-6664509.
- S8007611: logging behavior in applet changed.
* For zero builds, use the same hotspot version as in 2.1.6.
* Reenable bootstrap builds, except for alpha.
* Explicitly disable building on mips/mipsel. Not supported by the
Debian OpenJDK maintainers, the Debian mips porters, or the Debian
Java team.
-- Matthias Klose <email address hidden> Wed, 20 Feb 2013 23:59:54 +0100
-
openjdk-7 (7u13-2.3.6-1ubuntu1) raring; urgency=low
* Regenerate the control file.
openjdk-7 (7u13-2.3.6-1) experimental; urgency=low
* IcedTea7 2.3.6 release.
- Disable bootstrap builds, currently broken in IcedTea.
* Security fixes:
- S6563318, CVE-2013-0424: RMI data sanitization.
- S6664509, CVE-2013-0425: Add logging context.
- S6664528, CVE-2013-0426: Find log level matching its name or value given
at construction time.
- S6776941: CVE-2013-0427: Improve thread pool shutdown.
- S7141694, CVE-2013-0429: Improving CORBA internals.
- S7173145: Improve in-memory representation of splashscreens.
- S7186945: Unpack200 improvement.
- S7186946: Refine unpacker resource usage.
- S7186948: Improve Swing data validation.
- S7186952, CVE-2013-0432: Improve clipboard access.
- S7186954: Improve connection performance.
- S7186957: Improve Pack200 data validation.
- S7192392, CVE-2013-0443: Better validation of client keys.
- S7192393, CVE-2013-0440: Better Checking of order of TLS Messages.
- S7192977, CVE-2013-0442: Issue in toolkit thread.
- S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective proxies.
- S7200491: Tighten up JTable layout code.
- S7200500: Launcher better input validation.
- S7201064: Better dialogue checking.
- S7201066, CVE-2013-0441: Change modifiers on unused fields.
- S7201068, CVE-2013-0435: Better handling of UI elements.
- S7201070: Serialization to conform to protocol.
- S7201071, CVE-2013-0433: InetSocketAddress serialization issue.
- S8000210: Improve JarFile code quality.
- S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class.
- S8000540, CVE-2013-1475: Improve IIOP type reuse management.
- S8000631, CVE-2013-1476: Restrict access to class constructor.
- S8001235, CVE-2013-0434: Improve JAXP HTTP handling.
- S8001242: Improve RMI HTTP conformance.
- S8001307: Modify ACC_SUPER behavior.
- S8001972, CVE-2013-1478: Improve image processing.
- S8002325, CVE-2013-1480: Improve management of images.
* Fix font suggestion for indic fonts in wheezy.
* Fix fontconfig definitions for japanese and korean fonts, fixing
compilation of the fontconfig file.
* Add Built-Using: rhino attribute for the -lib package.
* Don't use concurrent features to rewrite the rhino jar file.
* Enable class data sharing for the hotspot server VM.
-- Matthias Klose <email address hidden> Tue, 12 Feb 2013 21:37:47 +0100
-
openjdk-7 (7u9-2.3.5~pre1-1ubuntu1) raring; urgency=low
* Regenerate the control file.
-- Matthias Klose <email address hidden> Sun, 10 Feb 2013 21:58:35 +0100
-
openjdk-7 (7u9-2.3.4-1ubuntu1) raring; urgency=low
* Upload to raring.
openjdk-7 (7u9-2.3.4-1) experimental; urgency=low
* IcedTea7 2.3.4 release.
* Security fixes
- S8004933, CVE-2012-3174: Improve MethodHandle interaction with libraries.
- S8006017, CVE-2013-0422: Improve lookup resolutions.
- S8006125: Update MethodHandles library interactions.
* Bug fixes
- S7197906: BlockOffsetArray::power_to_cards_back() needs to handle > 32 bit
shifts.
- G422525: Fix building with PaX enabled kernels.
[ Matthias Klose ]
* Loosen OpenGL dependency. Closes: #695028.
* Fix error parsing drop files parameter from pcmanfm (Alberto Fernández
MartÃnez). Closes: #695992.
[ Thorsten Glaser ]
* debian/rules: Use gcj-4.6-jdk for m68k builds.
* d/patches/text-relocations.patch: build with -fPIC on all archs.
openjdk-7 (7u9-2.3.3-1) experimental; urgency=low
* Upload to experimental.
-- Matthias Klose <email address hidden> Wed, 16 Jan 2013 01:32:03 +0100
-
openjdk-7 (7u9-2.3.3-0ubuntu1~12.10.1) quantal-security; urgency=low
* IcedTea7 2.3.3 release.
* Security fixes
- S6631398, CVE-2012-3216: FilePermission improved path checking.
- S7093490: adjust package access in rmiregistry.
- S7143535, CVE-2012-5068: ScriptEngine corrected permissions.
- S7158796, CVE-2012-5070: Tighten properties checking in EnvHelp.
- S7158807: Revise stack management with volatile call sites.
- S7163198, CVE-2012-5076: Tightened package accessibility.
- S7167656, CVE-2012-5077: Multiple Seeders are being created.
- S7169884, CVE-2012-5073: LogManager checks do not work correctly for
sub-types.
- S7169887, CVE-2012-5074: Tightened package accessibility.
- S7169888, CVE-2012-5075: Narrowing resource definitions in JMX RMI
connector.
- S7172522, CVE-2012-5072: Improve DomainCombiner checking.
- S7186286, CVE-2012-5081: TLS implementation to better adhere to RFC.
- S7189103, CVE-2012-5069: Executors needs to maintain state.
- S7189490: More improvements to DomainCombiner checking.
- S7189567, CVE-2012-5085: java net obselete protocol.
- S7192975, CVE-2012-5071: Issue with JMX reflection.
- S7195194, CVE-2012-5084: Better data validation for Swing.
- S7195549, CVE-2012-5087: Better bean object persistence.
- S7195917, CVE-2012-5086: XMLDecoder parsing at close-time should be
improved.
- S7195919, CVE-2012-5079: (sl) ServiceLoader can throw CCE without
needing to create instance.
- S7196190, CVE-2012-5088: Improve method of handling MethodHandles.
- S7198296, CVE-2012-5089: Refactor classloader usage.
- S7158800: Improve storage of symbol tables.
- S7158801: Improve VM CompileOnly option.
- S7158804: Improve config file parsing.
- S7198606, CVE-2012-4416: Improve VM optimization.
-- Matthias Klose <email address hidden> Wed, 17 Oct 2012 13:27:47 +0200
-
openjdk-7 (7u7-2.3.2a-1ubuntu1) quantal; urgency=low
* Build a transitional icedtea-7-jre-cacao package to ease upgrades.
-- Matthias Klose <email address hidden> Wed, 19 Sep 2012 17:42:39 +0200
