Enable OpenJDK update through uscan
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openjdk-7 (Ubuntu) |
Fix Released
|
Wishlist
|
Unassigned |
Bug Description
In order to make OpenJDK 7 updates easier uscan/watch file should be enabled.
The OpenJDK 7 package is comprised of tarballs for IcedTea, JamVM, IcedTea sound, and OpenJDK modules (the OpenJDK "root", corba, hotspot, jaxp, jaxws, jdk, and langtools).
Both IcedTea and IcedTea-sound provide a PGP signature while the tarballs for OpenJDK modules and JamVM do NOT provide a PGP signature upstream.
Fortunately - IcedTea can do a sha256 checksum on both OpenJDK modules and JamVM tarballs if they are kept pristine. Additionally the OpenJDK modules would have to be uncompressed in a specific tree format, which is not supported by MUT. Given those restrictions it is better to pack these pristine tarballs inside their own orig tarball.
The proposed format is:
- keep the icedtea tarball pristine as the orig tarball file.
- keep the icedtea-sound tarball pristine as the "orig-icedtea-
- use a script (debian/repack) to download the OpenJDK modules + JamVM and put their tarballs under a single "orig-drops" module tarball.
Changed in openjdk-7 (Ubuntu): | |
importance: | Undecided → Wishlist |
This bug was fixed in the package openjdk-7 - 7u131-2. 6.9-0ubuntu0. 14.04.1
--------------- 2.6.9-0ubuntu0. 14.04.1) trusty-security; urgency=medium
openjdk-7 (7u131-
* IcedTea release 2.6.9 (based on 7u131): blacklisted. cert' to be copied to etc dir spi.DefaultProx ySelector prefers libglib2.0-0 (>= 2.24) fs.GnomeFileTyp eDetector prefers libglib2.0-0 (>= 2.24) awt_Desktop prefers libgtk2.0-0 (>= 2.14) over
libgnomevfs2- 0. patches/ icedtea- sound.diff: removed, now packing icedtea-sound upstream/ signing- key.asc: add new signing key.
* Security fixes
- S8167110, CVE-2017-3514: Windows peering issue.
- S8163528, CVE-2017-3511: Better library loading.
- S8169011, CVE-2017-3526: Resizing XML parse trees.
- S8163520, CVE-2017-3509: Reuse cache entries.
- S8171533, CVE-2017-3544: Better email transfer.
- S8170222, CVE-2017-3533: Better transfers of files.
- S8171121, CVE-2017-3539: Enhancing jar checking.
- S8172299: Improve class processing.
* debian/compat: updated from 5 to 9.
* debian/watch: using watch version 4 to download both icedtea and
icedtea-sound. LP: #1642420.
* debian/repack: simplified tarball download.
* debian/rules:
- removed 8u121 patches as they have been applied to 7u131.
- building icedtea-sound on build/ directory
- replaced 'dh_strip -k' calls by dh_prep
- have the 'build' rule depend on 'debian/control' rule to force
failure if debian/control gets regenerated.
- added file 'security/
(introduced by S8011402).
- simplified build dependencies.
- removed jtreg's xvfb-run call since icedtea takes care of calling it.
- removed window manager as there are no additional significant failures
on the jdk tests when not running one.
- re-enabled jdk jtreg tests.
- removed lpia arch.
- use fonts-wqy-microhei and fonts-wqy-zenhei instead of transitional
package names.
- drop Recommends on obsolete GNOME libraries so they are not in a
default GNOME desktop installation (Simon McVittie). Closes: #850270.
+ sun.net.
over obsolete libgconf2-4.
+ sun.nio.
over libgnomevfs-2-0.
+ sun.xawt.
* debian/control.in: added static build dependencies as their previous
selection logic in debian/rules is no longer required.
* debian/control: regenerated.
* debian/
1.0.1 which includes those fixes.
* debian/
-- Tiago Stürmer Daitx <email address hidden> Mon, 08 May 2017 23:02:52 +0000