This bug was fixed in the package openjdk-7 - 7u9-2.3.3-0ubuntu1~11.10.1

---------------
openjdk-7 (7u9-2.3.3-0ubuntu1~11.10.1) oneiric-security; urgency=low

  * Build IcedTea7 2.3.3 for oneiric.

openjdk-7 (7u9-2.3.3-0ubuntu1) quantal-security; urgency=low

  * IcedTea7 2.3.3 release.
  * Security fixes
    - S6631398, CVE-2012-3216: FilePermission improved path checking.
    - S7093490: adjust package access in rmiregistry.
    - S7143535, CVE-2012-5068: ScriptEngine corrected permissions.
    - S7158796, CVE-2012-5070: Tighten properties checking in EnvHelp.
    - S7158807: Revise stack management with volatile call sites.
    - S7163198, CVE-2012-5076: Tightened package accessibility.
    - S7167656, CVE-2012-5077: Multiple Seeders are being created.
    - S7169884, CVE-2012-5073: LogManager checks do not work correctly
      for sub-types.
    - S7169887, CVE-2012-5074: Tightened package accessibility.
    - S7169888, CVE-2012-5075: Narrowing resource definitions in JMX RMI
      connector.
    - S7172522, CVE-2012-5072: Improve DomainCombiner checking.
    - S7186286, CVE-2012-5081: TLS implementation to better adhere to RFC.
    - S7189103, CVE-2012-5069: Executors needs to maintain state.
    - S7189490: More improvements to DomainCombiner checking.
    - S7189567, CVE-2012-5085: java net obsolete protocol.
    - S7192975, CVE-2012-5071: Issue with JMX reflection.
    - S7195194, CVE-2012-5084: Better data validation for Swing.
    - S7195549, CVE-2012-5087: Better bean object persistence.
    - S7195917, CVE-2012-5086: XMLDecoder parsing at close-time should be
      improved.
    - S7195919, CVE-2012-5079: (sl) ServiceLoader can throw CCE without
      needing to create instance.
    - S7196190, CVE-2012-5088: Improve method of handling MethodHandles.
    - S7198296, CVE-2012-5089: Refactor classloader usage.
    - S7158800: Improve storage of symbol tables.
    - S7158801: Improve VM CompileOnly option.
    - S7158804: Improve config file parsing.
    - S7198606, CVE-2012-4416: Improve VM optimization.

openjdk-7 (7u7-2.3.2a-1ubuntu1) quantal; urgency=low

  * Build a transitional icedtea-7-jre-cacao package to ease upgrades.

openjdk-7 (7u7-2.3.2a-1) experimental; urgency=low

  * Upload to experimental.

openjdk-7 (7u7-2.3.2a-0ubuntu1) quantal; urgency=low

  * Repackage the source to drop the cacao tarball (and packaging files).
  * Depend again on system provided tzdata-java and restore the zi symlink
    on upgrade. LP: #1050404.
  * libgnome2-0, libgnomevfs2-0, libgconf2-4 are not prepared for multiarch.
    Don't depend on these so that openjdk-7 can be installed as a multiarch
    package.

openjdk-7 (7u7-2.3.2-1ubuntu2) quantal; urgency=low

  * Make the avian VM a known runtime.

openjdk-7 (7u7-2.3.2-1ubuntu1) quantal; urgency=low

  * Fix 32bit hotspot build, don't set maximal heap space lower than minimal
    heap space for the docs build.
  * d/p/sane-library-paths.patch, d/p/ant-diagnostics.diff,
    d/p/fix-race-cond-print.diff, d/p/gcc-hotspot-opt-O[02].diff,
    d/p/gcc-mtune-generic.diff, d/p/openjdk-6986968.diff: Remove, not used.
  * Remove unused shark/llvm-3.0 patches.
  * d/p/zero-only-use-floating-point-if-floating-poi.patch: Remove, applied
    upstream.
  * Don't explicitly build with -march=i586 on i386 architectures.
  * Re-apply zero-missing-headers.diff.
  * Disable cacao builds, needs update for 7u7.
  * For Ubuntu quantal, set priorities for alternatives higher than for
    OpenJDK 6.
  * Call update-alternatives when the existing priority for the alternative
    is lower than the current one.
  * Configure with --disable-downloading.
  * Pass -avoid-version to libtool to create a JamVM libjvm.so without SONAME
    version numbers to match the Hotspot Server/Client libjvm.so.
    LP: #850433.
  * Revert the following change: Move libgnome2-0, libgnomevfs2-0,
    libgconf2-4 from Depends of JRE package to Recommends (#661465).
    The proper fix is to create a -jdk-headless package, or not depending
    on these gnome packages at all (e.g. using XDG libraries).

openjdk-7 (7u7-2.3.2-1) experimental; urgency=low

  * New upstream IcedTea7 2.3.2 release.
  * Security fixes:
    - CVE-2012-4681: Reintroduce PackageAccessible checks removed in 6788531.
    - S7079902, CVE-2012-1711: Refine CORBA data models.
    - S7143606, CVE-2012-1717: File.createTempFile should be improved for
      temporary files created by the platform.
    - S7143614, CVE-2012-1716: SynthLookAndFeel stability improvement.
    - S7143617, CVE-2012-1713: Improve fontmanager layout lookup operations.
    - S7143851, CVE-2012-1719: Improve IIOP stub and tie generation in RMIC.
    - S7143872, CVE-2012-1718: Improve certificate extension processing.
    - S7152811, CVE-2012-1723: Issues in client compiler.
    - S7157609, CVE-2012-1724: Issues with loop.
    - S7160757, CVE-2012-1725: Problem with hotspot/runtime_classfile.
    - S7165628, CVE-2012-1726: Issues with
      java.lang.invoke.MethodHandles.Lookup.
  * Bump version to 7u7 (OpenJDK), 2.3.2 (IcedTea). Closes: #685276.
  * d/p/icedtea7-forest-jdk_7104625-XEvent_wrap_logging_calls_with_if.patch,
    d/p/hotspot-sparc.diff: Remove, integrated upstream.
  * d/p/{deb-multiarch,fix_extra_flags,hotspot-no-werror}.diff: Add variants
    for hotspot and zero builds.
  * d/p/default-jvm-cfg.diff, d/p/icedtea-4953367.patch,
    d/p/icedtea-patch.diff, d/p/icedtea-pretend-memory.diff,
    d/p/libpcsclite-dlopen.diff, d/p/nonreparenting-wm.diff: Update for 2.3.2.
  * Remove build support for Ubuntu releases earlier than hardy.
  * d/update-shasum.sh: Only update the shasums of the -dfsg tarballs.
  * Don't apply shark patches (not built anyway).

openjdk-7 (7~u3-2.1.1-3) unstable; urgency=low

  * d/rules: Ensure we don't remove -O2 (default) when -O3 is disabled
    (fix jamvm FTBFS on armhf without -O2).
  * d/patches/gcc-jdk-opt-O0.diff, d/patches/gcc-jdk-opt-O2.diff,
    d/patches/gcc-no-hardening.diff, d/patches/gcc-opt-O2.diff: removed.

openjdk-7 (7~u3-2.1.1-2) unstable; urgency=low

  * d/rules: On Debian Wheezy/Sid bump Build-Depends on libnss3-dev
    (>= 2:3.13.4) and Depends on libnss3 (>= 2:3.13.4) (ie. with epoch).
    (Closes: #679465).
  * d/control: Suggests icedtea-7-plugin instead of icedtea6-plugin
    (Closes: #680284).
  * d/patches/7130140-MouseEvent-systemout.diff: Remove "MEvent. CASE!"
    from console output. (Closes: #679036).
  * Disable -O3 compile: cause wrong Math.* computations.
    (Closes: #679292 and Closes: #678228). LP: #1044857.
  * debian/patches/FreetypeFontScaler_getFontMetricsNative.diff: Fix
    "OpenJDK returns the text height greater than font size".
    (Closes: #657854)

openjdk-7 (7~u3-2.1.1-1) unstable; urgency=medium

  * New upstream release with security fixes (Closes: #677486):
    - S7079902, CVE-2012-1711: Refine CORBA data models
    - S7110720: Issue with vm config file loading
    - S7143606, CVE-2012-1717: File.createTempFile should be improved for
      temporary files created by the platform.
    - S7143614, CVE-2012-1716: SynthLookAndFeel stability improvement
    - S7143617, CVE-2012-1713: Improve fontmanager layout lookup operations
    - S7143851, CVE-2012-1719: Improve IIOP stub and tie generation in RMIC
    - S7143872, CVE-2012-1718: Improve certificate extension processing
    - S7145239: Finetune package definition restriction
    - S7152811, CVE-2012-1723: Issues in client compiler
    - S7157609, CVE-2012-1724: Issues with loop
    - S7160677: missing else in fix for 7152811
    - S7160757, CVE-2012-1725: Problem with hotspot/runtime_classfile
    - S7165628, CVE-2012-1726: Issues with
      java.lang.invoke.MethodHandles.Lookup
  * Patches merged upstream:
    - debian/patches/arm-thumb-fix.diff
    - debian/patches/gcc-4.7.diff

  [ James Page ]
  * Cherry picked patch from openjdk-6 to fix handling of ICC profiles
    (LP: #888123, #888129) (Closes: #676351).

  [ Damien Raude-Morvan ]
  * Move libgnome2-0, libgnomevfs2-0, libgconf2-4 from Depends of JRE
    package to Recommends (Closes: #661465).
  * New jni_md_h_JNIEXPORT_visibility.patch to allow JNIEXPORT definition
    to work with -fvisibility=hidden. (Closes: #670896).

openjdk-7 (7~u3-2.1.1~pre1-2) unstable; urgency=low

  * Don't mark the -demo package as Multi-Arch same. Closes: #670038.
  * Build using gcc-4.4 on mips, mipsel.
  * Build again with older gcj version on s390 (4.6).

openjdk-7 (7~u3-2.1.1~pre1-1ubuntu3) precise-proposed; urgency=low

  * Default to the ARM assembler interpreter instead of JamVM on ARM.
    LP: #993380.

openjdk-7 (7~u3-2.1.1~pre1-1ubuntu2) precise; urgency=low

  * Use the /usr/bin path for the policytool desktop file. LP: #980205.
    Closes: #670037.

openjdk-7 (7~u3-2.1.1~pre1-1ubuntu1) precise; urgency=low

  * Regenerate the control file.

openjdk-7 (7~u3-2.1.1~pre1-1) unstable; urgency=low

  * Update from the IcedTea7-2.1 release branch (20110410).
  * Install desktop files again, using the common /usr/bin/java interpreter
    name.
  * Build-depend on libpng-dev for newer releases. Closes: #662452.
  * Let dlopen handle finding the libpcsclite library. LP: #898689.
  * Build-depend on fonts-ipafont-mincho, fixing a build failure in the
    fontconfig compiler (find out why it breaks ...).
  * Build using gcc-4.7/gcj-4.7 for sid/wheezy, fix build failure.
  * Remove `-icedtea' suffix from the release identification.
  * Fix arm thumb build, update taken from IcedTea6.

openjdk-7 (7~u3-2.1-4) unstable; urgency=low

  [ Matthias Klose ]
  * Don't install the binary fontconfig file. LP: #964303.

  [ Damien Raude-Morvan ]
  * Remove libxp-dev check in configure.ac, it's not needed anymore
    (Closes: #657260) and so drop build dependency on libxp-dev.
  * Fix FTBFS with glib 2.32 by adding explicit dependency gthread-2.0.pc
    (Closes: #665666).
  * Use libpng-dev instead of libpng12-dev for wheezy/sid (Closes: #662453).

openjdk-7 (7~u3-2.1-3) unstable; urgency=low

  * d/rules,Makefile.am: Improve handling of dpkg-buildflags: don't overwrite
    CFLAGS of hotspot but use EXTRA_* flags into icedtea and openjdk Makefile.
    (Closes: #661695).
  * d/rules: Build everything with -O3 opt level (jamvm, cacao and jdk)
  * d/patches/kfreebsd-support-*.diff: Refresh kfreebsd patches and fix FTBFS
    on k-i386 (ie. at least on a sid VM).
  * Backport S7104625 as d/patches/icedtea7-forest-jdk_7104625*.patch to
    check for logging to prevent wasted CPU (Closes: #651423).

openjdk-7 (7~u3-2.1-2) unstable; urgency=low

  [ Matthias Klose ]
  * Use NanumMyeongjo as the preferred Korean font. LP: #792471.
  * Fix crash in java.net.NetworkInterface.getNetworkInterfaces() when
    ifr_ifindex exceeds 255. LP: #925218. S7078386.
  * Use IPAfont as the preferred Japanese font. Closes: #646054.
  * Build using gcj on alpha and armel. Closes: #655750.

  [ Damien Raude-Morvan ]
  * d/patches/sparc-stubgenerator.diff: Fix FTBFS on sparc on
    stubGenerator_sparc.cpp by using explicit class typedef
    (Closes: #660871).
  * d/patches/fix_extra_flags.diff: Improve support for hardened build, also
    send flags to jdk build and send -Wl,-z,relro during hotspot link.
  * Bump Standards-Version to 3.9.3: no changes needed.
  * d/control: Don't use nonexistent dlopenjl:Recommends substvar, replaced
    by dlopenhl:Recommends.
  * d/*.{prerm,postrm}: Use set -e inside script instead of sh -e shebang.
  * Cleanup lintian-overrides.

openjdk-7 (7~u3-2.1-1ubuntu2) precise; urgency=low

  * Make sure that the nss.cfg doesn't mention any library path.
    LP: #939361, #939419.
  * Disable the accessibility wrapper, doesn't work yet. LP: #935296.

openjdk-7 (7~u3-2.1-1ubuntu1) precise; urgency=low

  [ Damien Raude-Morvan ]
  * d/patches/jexec.diff: Dropped, unneeded and not compatible with
    multi-arch.
  * d/rules: Use dpkg-buildflags to enable hardened build.
    (Closes: #660021).

  [ Matthias Klose ]
  * Merge r522 from openjdk6:
    - Make upgrades from non-multiarch to multiarch builds more silent.
    - Fix order of grant decls in java.policy.
    - Make doc files multi-arch installable.
    - JB-archive.applications.in: Use /usr/bin/java by default. Maybe should
      be moved to the default-jdk package.
  * Explicitly look for the gthread-2.0 pkgconfig module.

openjdk-7 (7~u3-2.1-1) unstable; urgency=low

  * Update icedtea7 2.1 (OpenJDK7 ~u3 release):
    - Check for logging to prevent wasted CPU (Closes: #651423).
  * Fix following security issues:
    - S7082299, CVE-2011-3571: Fix in AtomicReferenceArray
    - S7088367, CVE-2011-3563: Fix issues in java sound
    - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method
    - S7110687, CVE-2012-0503: Issues with TimeZone class
    - S7110700, CVE-2012-0505: Enhance exception throwing mechanism in
      ObjectStreamClass
    - S7110704, CVE-2012-0506: Issues with some method in corba
    - S7112642, CVE-2012-0497: Incorrect checking for graphics rendering
      object
    - S7118283, CVE-2012-0501: Better input parameter checking in zip file
      processing
    - S7126960, CVE-2011-5035: Add property to limit number of request
      headers to the HTTP Server

  [ Matthias Klose ]
  * openjdk-7-jre-lib: Mark as Multi-Arch: foreign.

  [ Damien Raude-Morvan ]
  * Merge r501-521 from openjdk6:
    - Fix plugin name in jinfo file.
    - Fix build flags for cppInterpreter_arm.o.
    - Use java-atk-wrapper instead of java-access-bridge for accessibility.
    - Make the java.policy file multi-arch installable.
    - Don't install desktop and menu files for multiarch builds.
      Needs a better solution.
    - Don't install an alternative for the deprecated apt tool.
    - Make the upgrade from a non-multiarch installation location more
      robust; don't depend on version numbers, but check the path of the
      alternatives.
    - Disable test for armel and powerpc (broken on buildd)
  * d/rules: Make symbolic links to src.zip on
    /usr/lib/jvm/java-7-openjdk-amd64 like openjdk-6-jdk (Closes: #649618).
  * d/rules: Pass -n to gzip when compressing manpages to be
    Multi-Arch: same safe.
  * d/rules: Add build-arch/build-indep target.
  * d/rules: Re-enable Cacao VM!
  * d/{rules,control}: Only rhino 1.7R3 is supported by openjdk7, update B-D.
  * d/patches/hotspot-s390.diff: Update for latest Hotspot.
  * d/patches/icedtea-patch.diff: Move nssLibraryDirectory handling to
    d/rules.
  * d/rules: Remove --with-*-drop-zip options, as code drops are embedded.
  * d/patches/hsx23-zero.patch, patches/shark-compiler-fixes.patch: Fix FTBFS
    for Zero under Hotspot >= v22.
  * d/patches/kfreebsd-*: Refreshed.
  * d/control: Make openjdk-7-source:all package binNMU-able by using Depends
    ">=" on openjdk-7-jre (ie. src.zip won't change).

openjdk-7 (7~b147-2.0-1) unstable; urgency=low

  * New upstream IcedTea7 release.
    - S7000600, CVE-2011-3547: InputStream skip() information leak.
    - S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor.
    - S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow.
    - S7032417, CVE-2011-3552: excessive default UDP socket limit under
      SecurityManager.
    - S7046794, CVE-2011-3553: JAX-WS stack-traces information leak.
    - S7046823, CVE-2011-3544: missing SecurityManager checks in scripting
      engine.
    - S7055902, CVE-2011-3521: IIOP deserialization code execution.
    - S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress
      error checks.
    - S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack
      against SSL/TLS (BEAST).
    - S7070134, CVE-2011-3558: HotSpot crashes with sigsegv from
      PorterStemmer.
    - S7077466, CVE-2011-3556: RMI DGC server remote code execution.
    - S7083012, CVE-2011-3557: RMI registry privileged code execution.
    - S7096936, CVE-2011-3560: missing checkSetFactory calls in
      HttpsURLConnection.

  [ Matthias Klose ]
  * Merge debian packaging r501 from openjdk-6:
    - Tighten inter-package dependencies for Debian builds. Closes: #641240.
  * Build-depend on wdiff.

 -- Matthias Klose