openjdk-8 8u111-b14-2ubuntu0.16.04.2 source package in Ubuntu
Changelog
openjdk-8 (8u111-b14-2ubuntu0.16.04.2) xenial-security; urgency=medium * Backport to 16.04. openjdk-8 (8u111-b14-2ubuntu0.16.10.2) yakkety-security; urgency=medium * debian/rules: remove samevm/othervm options from jtreg tests. * debian/buildwatch.sh: noisy and quiet logic blocks were swapped. openjdk-8 (8u111-b14-2ubuntu0.16.10.1) yakkety-security; urgency=medium * Security fixes in 8u111: - CVE-2016-5568, S8158993: Service Menu services. - CVE-2016-5582, S8160591: Improve internal array handling. - CVE-2016-5573, S8159519: Reformat JDWP messages. - CVE-2016-5597, S8160838: Better HTTP service. - CVE-2016-5554, S8157739: Classloader Consistency Checking. - CVE-2016-5542, S8155973: Tighten jar checks. * debian/rules: removed all mauve and cacao references, updated jtreg tests to use agentvm and auto concurrency, use autoconf 2.68 for precise. * debian/buildwatch.sh: updated to stop it if no 'make' process is running, as it probably means that the build failed - otherwise buildwatch keeps the builder alive until it exits after the timer (3 hours by default) expires. * debian/control.in: removed mauve and cacao references. * debian/copyright.cacao: deleted file. * debian/README.source: removed caco and mauve references. * debian/patches/aarch64.diff: removed cacao vm reference. * debian/patches/autoconf-2.68.diff: reduce minimum autoconf requirement to 2.68. * debian/patches/autoconf-select.diff: deleted file as it has been replaced by autoconf 2.68 changes for precise. * debian/patches/cacao-armv4.diff: deleted file. * debian/tests/control: added autopkgtest to run jtreg testsuite. * debian/tests/jtreg-autopkgtest: run jtreg tests on autopkgtest. openjdk-8 (8u111-b14-2) unstable; urgency=high * Apply the kfreebsd patches conditionally. openjdk-8 (8u111-b14-1) unstable; urgency=high * Update to 8u111-b14, including security fixes. * Enable hotspot builds for sparc64. Closes: #835973. openjdk-8 (8u102-b14.1-2) unstable; urgency=medium * Fix build failure with GCC 6. Closes: #811694. * Fix JamVM, lacking JVM_GetResourceLookupCacheURLs (Xerxes Rånby). Closes: #826206. * Explicitly build using GCC 6. openjdk-8 (8u102-b14.1-1) unstable; urgency=medium * Use the 8u101 tarballs instead of the 8u102 tarballs (inventing a fake version number). openjdk-8 (8u102-b14-2) unstable; urgency=medium * Update AArch64 and KFreeBSD patches. openjdk-8 (8u102-b14-1) unstable; urgency=medium * Update to 8u101-b14, including security fixes: * IIOP Input Stream Hooking. CVE-2016-3458: defaultReadObject is not forbidden in readObject in subclasses of InputStreamHook which provides leverage to deserialize malicious objects if a reference to the input stream can be obtained separately. * Complete name checking. S8148872, CVE-2016-3500: In some cases raw names in XML data are not checked for length limits allowing for DoS attacks. * Better delineation of XML processing. S8149962, CVE-2016-3508: Denial of service measures do not take newline characters into account. This can be used to conduct attacks like the billion laughs DoS. * Coded byte streams. S8152479, CVE-2016-3550: A fuzzed class file triggers an integer overflow in array access. * Clean up lookup visibility. S8154475, CVE-2016-3587: A fast path change allowed access to MH.invokeBasic via the public lookup object. MH.iB does not do full type checking which can be used to create type confusion. * Bolster bytecode verification. S8155981, CVE-2016-3606: The bytecode verifier checks that any classes' <init> method calls super.<init> before returning. There is a way to bypass this requirement which allows creating subclasses of classes that are not intended to be extended. * Persistent Parameter Processing. S8155985, CVE-2016-3598: TOCTOU issue with types List passed into dropArguments() which can be used to cause type confusion. * Additional method handle validation. S8158571, CVE-2016-3610: MHs.filterReturnValue does not check the filter parameter list size. The single expected parameter is put in the last parameter position for the filter MH allowing for type confusion. * Enforce GCM limits. S8146514: In GCM the counter should not be allowed to wrap (per the spec), since that plus exposing the encrypted data could lead to leaking information. * Construction of static protection domains. S8147771: SubjectDomainCombiner does not honor the staticPermission field and will create ProtectionDomains that vary with the system policy which may allow unexpected permission sets. * Share Class Data. S8150752: Additional verification of AppCDS archives is required to prevent an attacker from creating a type confusion situation. * Enforce update ordering. S8149070: If the GCM methods update() and updateAAD() are used out of order, the security of the system can be weakened and an exception should be thrown to warn the developer. * Constrain AppCDS behavior. S8153312: AppCDS does not create classloader constraints upon reloading classes which could allow class spoofing under some circumstances. -- Tiago Stürmer Daitx <email address hidden> Thu, 27 Oct 2016 14:18:35 +0000
Upload details
- Uploaded by:
- Tiago Stürmer Daitx
- Uploaded to:
- Xenial
- Original maintainer:
- OpenJDK
- Architectures:
- alpha amd64 armel armhf arm64 i386 ia64 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el m68k sh4 sparc sparc64 s390x x32 kfreebsd-i386 kfreebsd-amd64 all
- Section:
- java
- Urgency:
- Very Urgent
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
openjdk-8_8u111-b14.orig.tar.gz | 61.0 MiB | 353e7382c88bcf2b10d673b9b305c87ed733bd00c02b8497c565b37741ae1c30 |
openjdk-8_8u111-b14-2ubuntu0.16.04.2.debian.tar.xz | 227.3 KiB | b51a22600b5a393059f1444eb1b12b8a005f646d19bdf571f55aed9be1bbd57f |
openjdk-8_8u111-b14-2ubuntu0.16.04.2.dsc | 4.5 KiB | 3c4974ee94759fcd494a777da49cfd20c14571b00e9a404d73ee3887bb21f8af |
Available diffs
Binary packages built by this source
- openjdk-8-dbg: Java runtime based on OpenJDK (debugging symbols)
OpenJDK is a development environment for building applications,
applets, and components using the Java programming language.
.
This package contains the debugging symbols.
.
The packages are built using the IcedTea build support and patches
from the IcedTea project.
- openjdk-8-demo: Java runtime based on OpenJDK (demos and examples)
OpenJDK Java runtime
.
The packages are built using the IcedTea build support and patches
from the IcedTea project.
- openjdk-8-doc: OpenJDK Development Kit (JDK) documentation
OpenJDK is a development environment for building applications,
applets, and components using the Java programming language.
.
This package contains the API documentation.
.
The packages are built using the IcedTea build support and patches
from the IcedTea project.
- openjdk-8-jdk: OpenJDK Development Kit (JDK)
OpenJDK is a development environment for building applications,
applets, and components using the Java programming language.
.
The packages are built using the IcedTea build support and patches
from the IcedTea project.
- openjdk-8-jdk-headless: OpenJDK Development Kit (JDK) (headless)
OpenJDK is a development environment for building applications,
applets, and components using the Java programming language.
.
The packages are built using the IcedTea build support and patches
from the IcedTea project.
- openjdk-8-jre: OpenJDK Java runtime, using Hotspot Zero
Full Java runtime environment - needed for executing Java GUI and Webstart
programs, using Hotspot Zero.
.
The packages are built using the IcedTea build support and patches
from the IcedTea project.
- openjdk-8-jre-headless: OpenJDK Java runtime, using Hotspot Zero (headless)
Minimal Java runtime - needed for executing non GUI Java programs,
using Hotspot Zero.
.
The packages are built using the IcedTea build support and patches
from the IcedTea project.
- openjdk-8-jre-jamvm: Transitional package for obsolete JamVM for OpenJDK
JamVM support was removed for recent versions of OpenJDK 8.
.
This is a transitional package which can be safely removed.
- openjdk-8-jre-zero: Alternative JVM for OpenJDK, using Zero/Shark
The package provides an alternative runtime using the Zero VM and the
Shark Just In Time Compiler (JIT). Built on architectures in addition
to the Hotspot VM as a debugging aid for those architectures which don't
have a Hotspot VM.
.
The VM is started with the option `-zero'. See the README.Debian for details.
- openjdk-8-source: OpenJDK Development Kit (JDK) source files
OpenJDK is a development environment for building applications,
applets, and components using the Java programming language.
.
This package contains the Java programming language source files
(src.zip) for all classes that make up the Java core API.
.
The packages are built using the IcedTea build support and patches
from the IcedTea project.