This bug was fixed in the package openjdk-6 - 6b18-1.8-4ubuntu3~9.04.2 --------------- openjdk-6 (6b18-1.8-4ubuntu3~9.04.2) jaunty-security; urgency=low * Upload to Jaunty openjdk-6 (6b18-1.8-4ubuntu3) lucid-proposed; urgency=low * Update from the 1.8 branch. * Rebuild with fixed ant. * Disable building the shark based VM on armel. * Always build the ARM assembler interpreter in arm mode. openjdk-6 (6b18-1.8-4) unstable; urgency=low * Update from the 1.8 branch. - Plugin and netx fixes. - Don't link the plugin against the libxul libraries. Closes: #576361. - More plugin cpu usage fixes. Closes: #584335, #587049. - Plugin: fixes AppletContext.getApplets(). - Fix race conditions in plugin initialization code that were causing hangs when loading multiple applets in parallel. * Fix Vcs-Bzr location. Closes: #530883. * Search for unversioned llvm-config tool. * Don't set XFILESEARCHPATH and NLSPATH on startup. LP: #586641. * Fix chinese font metrics and prefer using 'WenQuanYi Micro Hei' font. LP: #472845. * Strip libjvm.so with --strip-debug instead of --strip-unneeded. LP: #574997. * Don't turn on the ARM assembler interpreter when building the shark VM. openjdk-6 (6b18-1.8-3) unstable; urgency=low * Update from the 1.8 branch. - Plugin fixes. LP: #597714. * Add powerpcspe build fixes (Sebastian Andrzej Siewior). Closes: #586359. * Work around build failure on buildds configured with low ARG_MAX (Giovanni Mascellani). Closes: #575254. openjdk-6 (6b18-1.8-2ubuntu2) maverick; urgency=low * Search for unversioned llvm-config tool. openjdk-6 (6b18-1.8-2ubuntu1) maverick; urgency=low * Upload to maverick. openjdk-6 (6b18-1.8-2) unstable; urgency=low * Update from the 1.8 branch. - Fix build on Hitachi SH. Closes: #575346. - Shark and Zero fixes. * Build shark using llvm-2.7. * Don't use shark to run the test harness when testing the shark build. * README.Debian: Add paragraph about debugging the IcedTea NPPlugin. openjdk-6 (6b18-1.8-1) unstable; urgency=low * Upload to unstable. openjdk-6 (6b18-1.8-0ubuntu1) lucid; urgency=low * Update IcedTea6 to the icedtea6-1.8 release. * Fix builds on Ubuntu/dapper and Debian/lenny. * On hppa, configure --without-rhino --disable-plugin. * Fix Hitachi SH configury. Closes: #575346. * Start a window manager when running the tests. Prefer metacity, as more tests pass with it. * Let XToolkit.isTraySupported() return true, if Compiz is running. Works around sun#6438179. LP: #300948. * Make /jre/lib/security/nss.cfg a config file. * Fail in the configuration of the packages, if /proc is not mounted. java currently uses tricks to find its own shared libraries depending on the path of the binary. Will be changed in OpenJDK7. Closes: #576453. * Fix PR icedtea/469, testsuite failures with the NSS based security provider. LP: #556549. * Do not pass LD_LIBRARY_PATH from the plugin to the java process. While libnss3.so gets loaded from /usr/lib, the dependent libraries are loaded from MOZILLA_FIVE_HOME (See #561216 for the wrong firefox config). LP: #561124. Closes as well: LP: #551328, #554909, #560829, #549010, #553452. * Always build shark with hs14. openjdk-6 (6b18~pre4-1ubuntu1) lucid; urgency=low * Build-depend on xulrunner-1.9.2-dev instead of xulrunner-dev, unexpectedly demoted to universe. * icedtea6-plugin: Hardcode dependency on xulrunner-1.9.2. No way to do better? See #552780. * Fix builds on Ubuntu hardy. openjdk-6 (6b18~pre4-1) unstable; urgency=high * Upload to unstable. openjdk-6 (6b18~pre4-0ubuntu2) lucid; urgency=low * Fix typo in NPPlugin code. LP: #552287. openjdk-6 (6b18~pre4-0ubuntu1) lucid; urgency=low [ Matthias Klose ] * Update IcedTea6 form the 1.8 branch. * SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes: - (CVE-2010-0837): JAR "unpack200" must verify input parameters (6902299). - (CVE-2010-0845): No ClassCastException for HashAttributeSet constructors if run with -Xcomp (6894807). - (CVE-2010-0838): CMM readMabCurveData Buffer Overflow Vulnerability (6899653). - (CVE-2010-0082): Loader-constraint table allows arrays instead of only the base-classes (6626217). - (CVE-2010-0095): Subclasses of InetAddress may incorrectly interpret network addresses (6893954) [ZDI-CAN-603]. - (CVE-2010-0085): File TOCTOU deserialization vulnerability (6736390). - (CVE-2010-0091): Unsigned applet can retrieve the dragged information before drop action occurs (6887703). - (CVE-2010-0088): Inflater/Deflater clone issues (6745393). - (CVE-2010-0084): Policy/PolicyFile leak dynamic ProtectionDomains (6633872). - (CVE-2010-0092): AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (6888149). - (CVE-2010-0094): Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947) [ZDI-CAN-588]. - (CVE-2010-0093): System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (6892265). - (CVE-2010-0840): Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691). - (CVE-2010-0848): AWT Library Invalid Index Vulnerability (6914823). - (CVE-2010-0847): ImagingLib arbitrary code execution vulnerability (6914866). - (CVE-2009-3555): TLS: MITM attacks via session renegotiation. - 6639665: ThreadGroup finalizer allows creation of false root ThreadGroups. - 6898622: ObjectIdentifer.equals is not capable of detecting incorrectly. encoded CommonName OIDs. - 6910590: Application can modify command array in ProcessBuilder. - 6909597: JPEGImageReader stepX Integer Overflow Vulnerability. - 6932480: Crash in CompilerThread/Parser. Unloaded array klass? - 6898739: TLS renegotiation issue. [ Torsten Werner ] * Switch off IPV6_V6ONLY for IN6_IS_ADDR_UNSPECIFIED addresses, too. (Closes: #575163) openjdk-6 (6b18~pre3-1) unstable; urgency=low [ Matthias Klose ] * Update IcedTea build infrastructure (20100321). * Update support for SH4 (Nobuhiro Iwamatsu). * Handle renaming of the plugin name. [ Torsten Werner ] * Improve patch for IPv4 mapped IPv6 addresses even more. (Closes: #573742) openjdk-6 (6b18~pre2-1ubuntu2) lucid; urgency=low * Fix build failure on ARM. openjdk-6 (6b18~pre2-1ubuntu1) lucid; urgency=low * Upload to lucid. openjdk-6 (6b18~pre2-1) unstable; urgency=low * Update IcedTea build infrastructure (20100310). * Disable building the plugin the plugin on alpha (borked xulrunner packaging using binary indep packages). * Use a two stage build on alpha. * Add note about the reparenting WM workaround. Closes: #573026. * Prefer Sazanami instead of Kochi for Japanese fonts (Hideki Yamane). Closes: #572511. * openjdk-6-doc: Don't compress package-list files. Closes: #567899. openjdk-6 (6b18~pre1-4) unstable; urgency=low * Improve patch for IPv4 mapped IPv6 addresses. openjdk-6 (6b18~pre1-3) unstable; urgency=low * Add a patch for improved handling of IPv4 mapped IPv6 addresses. (Closes: #560056, #561930, #563699, #563946) openjdk-6 (6b18~pre1-2) unstable; urgency=low * Change Build-Depends: ant1.7-optional because of a bus error in gij. openjdk-6 (6b18~pre1-1ubuntu1) lucid; urgency=low * Ignore error code running ant -diagnostics. * Build-depend on ant-optional. * Disable the cacao build on armel, fails to build with the non bootstrap build. openjdk-6 (6b18~pre1-1) unstable; urgency=low * Upload to unstable. openjdk-6 (6b18~pre1-0ubuntu1) lucid; urgency=low * New Openjdk6 b18 source code drop. * Use mangled copy of rhino. Closes: #512970. LP: #255149. openjdk-6 (6b17-1.7-1ubuntu1) lucid; urgency=low * ARM Thumb2 updates. * Test build using Hotspt hs14 on ix86. openjdk-6 (6b18~pre1-1) unstable; urgency=low * Upload to unstable. openjdk-6 (6b18~pre1-0ubuntu1) lucid; urgency=low * New Openjdk6 b18 source code drop. * Use mangled copy of rhino. Closes: #512970. LP: #255149. openjdk-6 (6b17-1.7-1ubuntu1) lucid; urgency=low * ARM Thumb2 updates. * Test build using Hotspt hs14 on ix86. openjdk-6 (6b17-1.7-1) unstable; urgency=low * Upload to unstable. openjdk-6 (6b17-1.7-0ubuntu1) lucid; urgency=low * IcedTea6 1.7 release. * Don't try to load libjpeg7; still building with libjpeg62. Closes: #563999. * Run the testsuite on sh4. * Ubuntu only: Implement an execute bit checker for the Non-Exec Policy - debian/JB-java.desktop.in: update mime handler to use new launcher. * armel: Apply the thumb2 patches from the trunk, plus proposed patches for the trunk. openjdk-6 (6b17-0ubuntu1) lucid; urgency=low * Build from the IcedTea6-1.7 branch. * Don't build the plugin on sparc64. * Enable the NPPlugin. * Add support for SH4 (Nobuhiro Iwamatsu). * Fix crash in the ARM assembler interpreter (Edward Nevill). openjdk-6 (6b17~pre3-1ubuntu2) lucid; urgency=low * Update IcedTea build infrastructure (20091224). * Explicitely build-depend on x11-xkb-utils (xkbcomp is needed by xvfb-run). openjdk-6 (6b17~pre3-1ubuntu1) lucid; urgency=low * Upload to lucid. openjdk-6 (6b17~pre3-1) unstable; urgency=low * Update IcedTea build infrastructure (20091218). * Install docs into the openjdk-6-jre-headless directory instead of openjdk-6-jre. openjdk-6 (6b17~pre2-1ubuntu1) lucid; urgency=low * Update IcedTea build infrastructure (20091215). * Fix cacao build on armel with current optimization defaults. openjdk-6 (6b17~pre2-1) unstable; urgency=low * Upload to unstable. openjdk-6 (6b17~pre2-0ubuntu3) lucid; urgency=low * Security updates: - (CVE-2009-3728) ICC_Profile file existence detection information leak (6631533). - (CVE-2009-3885) BMP parsing DoS with UNC ICC links (6632445). - (CVE-2009-3881) resurrected classloaders can still have children (6636650). - (CVE-2009-3882) Numerous static security flaws in Swing (findbugs) (6657026). - (CVE-2009-3883) Mutable statics in Windows PL&F (findbugs) (6657138). - (CVE-2009-3880) UI logging information leakage (6664512). - (CVE-2009-3879) GraphicsConfiguration information leak (6822057). - (CVE-2009-3884) zoneinfo file existence information leak (6824265). - (CVE-2009-2409) deprecate MD2 in SSL cert validation (Kaminsky) (6861062). - (CVE-2009-3873) JPEG Image Writer quantization problem (6862968). - (CVE-2009-3875) MessageDigest.isEqual introduces timing attack vulnerabilities (6863503). - (CVE-2009-3876, CVE-2009-3877) OpenJDK ASN.1/DER input stream parser denial of service (6864911). - (CVE-2009-3869) JRE AWT setDifflCM stack overflow (6872357). - (CVE-2009-3874) ImageI/O JPEG heap overflow (6874643. - (CVE-2009-3871) JRE AWT setBytePixels heap overflow (6872358). * Update IcedTea build infrastructure (20091109). * Use hs16 on armel. openjdk-6 (6b17~pre2-0ubuntu2) lucid; urgency=low * Don't use hs16 on armel and sparc. openjdk-6 (6b17~pre2-0ubuntu1) lucid; urgency=low * New code drop (b17). * Bump hotspot to hs16. * Update IcedTea build infrastructure (20091031). * Set priority of default -jre and -jdk packages to optional. * Fix binary-all to binary-any dependencies. Closes: #550680. openjdk-6 (6b16-1.6.1-2) unstable; urgency=medium * Build-depend on xulrunner-dev (>= 1.9.1.3-3). openjdk-6 (6b16-1.6.1-1ubuntu3) karmic; urgency=low [Matthias Klose] * On armel and powerpc, build an additional VM using shark in the openjdk-6-jre-zero package (java -shark ). Requires llvm-2.6. * Hide the desktop menu entry for WebStart. LP: #222180. * Don't provide java-virtual-machine anymore. [Edward Nevill] * Avoid stack overflows in the arm interpreter. openjdk-6 (6b16-1.6.1-1ubuntu2) karmic; urgency=low * Support PKCS11 cryptography via NSS, now allowing import of all certificates from ca-certificates. * Remove Michael Koch from uploaders, request by himself. * Add the doc dir symlink for openjdk-6-jre-zero when the package is built with shark support. openjdk-6 (6b16-1.6.1-1ubuntu1) karmic; urgency=low * Fix dependency on the java bridge packages. * debian/rules: Conditionalize stuff so that the recent release is never mentioned. * Remove obsolete patches in debian/patches. * Rebuild on armel to fix up libffi for the soft float abi. * For jaunty builds, fix IcedTeaPlugin failure to start with xulrunner 1.9.1 (LP: #359407). - debian/patches/icedtea-plugin-use-runtime-nsIProcess-IID.diff: Add. - debian/rules: Apply it for jaunty builds. * Use pulseaudio as default serviceprovider for javax.sound.midi.MidiSystem and javax.sound.sampled.AudioSystem. LP: #407299. openjdk-6 (6b16-1.6.1-1) unstable; urgency=low * Upload to Debian unstable. openjdk-6 (6b16-1.6.1-0ubuntu1) karmic; urgency=low * Update IcedTea6 to the 1.6.1 release. * Work around GCC PR target/41327, build the JDK on s390 with -O2. openjdk-6 (6b16-1.6-1) unstable; urgency=low * Update IcedTea6 to the 1.6 release. * Fix GCC build dependencies. openjdk-6 (6b16-1.6~pre2-1) unstable; urgency=low * Upload to unstable. openjdk-6 (6b16-1.6~pre2-0ubuntu1) karmic; urgency=low * Update IcedTea from the 1.6 release branch: - Fix buffer overflow in debugger's socket handler (Kees Cook). https://bugs.openjdk.java.net/show_bug.cgi?id=100103. LP: #409736. - plugin fixes. * Move the pulseaudio recommendation to a suggestion, don't build-depend on pulseaudio. Closes: #539394. LP: #361408. * Build for armv6 (on armel). [ Kees Cook ] * debian/rules: Re-enable fortification and stack protector (LP: #330713). * Adding stack markings to the x86 assembly for not using executable stack. LP: #419018. openjdk-6 (6b16-1.6~pre1-0ubuntu1) karmic; urgency=low * Test build (icedtea6-1.6 release branch). openjdk-6 (6b16~pre5-0ubuntu2) karmic; urgency=low * Add explicit build dependency on libgtk2.0-dev. openjdk-6 (6b16~pre5-0ubuntu1) karmic; urgency=low * Bump hotspot to hs14b16. * Update IcedTea build infrastructure (20090805). * patches/java-access-bridge-security.patch: Update. * Build-depend on xulrunner-dev instead of xulrunner-1.9-dev on karmic. * Don't recommend the jck fonts anymore, just suggest them; the appropriate fonts are installed as dependencies of the language packs. openjdk-6 (6b16~pre4-0ubuntu7) karmic; urgency=low * Build using GCC-4.4 on sparc as well, require 4.4.1. openjdk-6 (6b16~pre4-0ubuntu6) karmic; urgency=low * Fix build failure building the zero VM. openjdk-6 (6b16~pre4-0ubuntu5) karmic; urgency=low [Matthias Klose] * Update IcedTea build infrastructure (20090715). * Tighten build dependency on llvm-dev. [Edward Nevill] * Add armv4 compatibility. openjdk-6 (6b16~pre4-0ubuntu4) karmic; urgency=low [Edward Nevill] * Added Bytecode Interpreter Generator. * Added ARM templates for above. * Removed old optimised ARM assebler. * Added -g0 because of problems with ld linking -g. * Changed alignment to 64 now that as bug is fixed. [Matthias Klose] * Update IcedTea build infrastructure (20090710). * Let the -jre package depend on the access-bridge package, not the -jre-headless package. LP: #395074. * Suggested by Ed Nevill: - Pass -timeout:3 when running the jtreg testsuite on zero architectures. - Pass -Xmx256M -vmoption:-Xmx256M on armel for the jtreg testsuite run. * Tighten build dependency on llvm-dev. openjdk-6 (6b16~pre4-0ubuntu3) karmic; urgency=low * Update zero-port-opt patch on armel. openjdk-6 (6b16~pre4-0ubuntu2) karmic; urgency=low * Update IcedTea build infrastructure (20090623). * Reapply the zero-port-opt patch on armel. * Do not use the IPA Mona font family by default. Closes: #521233. * Build cacao with -fno-strict-aliasing. openjdk-6 (6b16-4) unstable; urgency=medium * Build the zero binary package when building with shark. * Build-depend on cpio. Closes: #532963. openjdk-6 (6b16-3) unstable; urgency=low * Update IcedTea build infrastructure (20090612). * Install the libaccess-bridge-java* symlinks again. * Build zero on ix86 architectures with JIT support (shark). To use the zero build without shark, use the `-Xint' option to operate in interpreted-only mode. openjdk-6 (6b16-2) unstable; urgency=low * Don't install libaccess-bridge-java* symlinks until libaccess-bridge-java-jni is available on all architectures. * Add missing build dependency on cacao-source. openjdk-6 (6b16-1) unstable; urgency=low * Upload to unstable, based in 6b16 and IcedTea 1.5. openjdk-6 (6b16~pre3-0ubuntu1) karmic; urgency=low * Update to hotspot hs14b15. * Provide symlink for libjava-access-bridge-jni.so. LP: #375347. openjdk-6 (6b16~pre2-0ubuntu3) karmic; urgency=low * Update IcedTea build infrastructure (20090513). * Fix build failure when xvfb-run doesn't work, trying to access a non-existing directory. openjdk-6 (6b16~pre2-0ubuntu2) karmic; urgency=low * Add libffi-dev as architecture independent build dependency. openjdk-6 (6b16~pre2-0ubuntu1) karmic; urgency=low * Update to re-tagged code drop (b16). * Update IcedTea build infrastructure (20090510). * Remove patches integrated in IcedTea. * Remove GCJ Web Plugin support. * Remove build infrastructure to build additional VM's, integrated in IcedTea. * Stop building the openjdk-6-source-files package. * README.Debian: Document using the different VM's. * Use GCC-4.3 on sparc, ICE with GCC-4.4. * Fix problem with the ARM assembler interpreter, when executing a 'new' bytecode with a double on the top of the stack (Edward Nevill). * Run the testsuite for the zero build on ix86 architectures. openjdk-6 (6b16~pre1-0ubuntu1) karmic; urgency=low * New code drop (b16). * Update IcedTea build infrastructure (20090429). * Merge changes from 6b14-1.4.1. * Fix section names (using the java section). * Remove all UTF-8 sequence definitions from the font configuration. -- Chris Coulson