------------------------------------------------------------
revno: 589
committer: Matthias Klose <[email protected]>
branch nick: openjdk7
timestamp: Thu 2015-08-13 14:09:44 +0200
message:
openjdk-7 (7u79-2.5.6-1) unstable; urgency=medium
* IcedTea7 2.5.6 release (based on OpenJDK 7u79).
* Security fixes
- S8043202, CVE-2015-2808: Prohibit RC4 cipher suites.
- S8067694, CVE-2015-2625: Improved certification checking.
- S8071715, CVE-2015-4760: Tune font layout engine.
- S8071731: Better scaling for C1.
- S8072490: Better font morphing redux.
- S8072887: Better font handling improvements.
- S8073334: Improved font substitutions.
- S8073773: Presume path preparedness.
- S8073894: Getting to the root of certificate chains.
- S8074330: Set font anchors more solidly.
- S8074335: Substitute for substitution formats.
- S8074865, CVE-2015-2601: General crypto resilience changes.
- S8074871: Adjust device table handling.
- S8075374, CVE-2015-4748: Responding to OCSP responses.
- S8075378, CVE-2015-4749: JNDI DnsClient Exception Handling.
- S8075738: Better multi-JVM sharing.
- S8075833, CVE-2015-2613: Straighter Elliptic Curves.
- S8075838: Method for typing MethodTypes.
- S8075853, CVE-2015-2621: Proxy for MBean proxies.
- S8076328, CVE-2015-4000: Enforce key exchange constraints.
- S8076376, CVE-2015-2628: Enhance IIOP operations.
- S8076397, CVE-2015-4731: Better MBean connections.
- S8076401, CVE-2015-2590: Serialize OIS data.
- S8076405, CVE-2015-4732: Improve serial serialization.
- S8076409, CVE-2015-4733: Reinforce RMI framework.
- S8077520, CVE-2015-2632: Morph tables into improved form.
- PR2487, CVE-2015-4000: Make jdk8 mode the default for
jdk.tls.ephemeralDHKeySize.
* Update the kfreebsd hotspot support patch (Steven Chamberlain).
Closes: #788982.
* openjdk-7-jre: Recommend the real libgconf2-4 and libgnome2-0 packages.
Closes: #786594.
-- Matthias Klose <[email protected]> Thu, 23 Jul 2015 17:19:35 +0200
modified:
changelog
generate-debian-orig.sh
patches/it-aarch64-zero-default.diff
patches/it-debian-build-flags.diff
patches/it-jamvm-2.0.diff
patches/it-nss-softokn-config.diff
patches/it-patch-updates.diff
patches/it-set-compiler.diff
patches/it-use-quilt.diff
patches/jdk-freetypeScaler-crash.diff
--
lp:~openjdk/openjdk/openjdk7
https://code.launchpad.net/~openjdk/openjdk/openjdk7
Your team Debian Java Maintainers is subscribed to branch
lp:~openjdk/openjdk/openjdk7.
To unsubscribe from this branch go to
https://code.launchpad.net/~openjdk/openjdk/openjdk7/+edit-subscription
=== modified file 'changelog'
--- changelog 2015-07-06 14:05:47 +0000
+++ changelog 2015-08-13 12:09:44 +0000
@@ -1,11 +1,41 @@
-openjdk-7 (7u79-2.5.5-2) UNRELEASED; urgency=medium
+openjdk-7 (7u79-2.5.6-1) unstable; urgency=medium
+ * IcedTea7 2.5.6 release (based on OpenJDK 7u79).
+ * Security fixes
+ - S8043202, CVE-2015-2808: Prohibit RC4 cipher suites.
+ - S8067694, CVE-2015-2625: Improved certification checking.
+ - S8071715, CVE-2015-4760: Tune font layout engine.
+ - S8071731: Better scaling for C1.
+ - S8072490: Better font morphing redux.
+ - S8072887: Better font handling improvements.
+ - S8073334: Improved font substitutions.
+ - S8073773: Presume path preparedness.
+ - S8073894: Getting to the root of certificate chains.
+ - S8074330: Set font anchors more solidly.
+ - S8074335: Substitute for substitution formats.
+ - S8074865, CVE-2015-2601: General crypto resilience changes.
+ - S8074871: Adjust device table handling.
+ - S8075374, CVE-2015-4748: Responding to OCSP responses.
+ - S8075378, CVE-2015-4749: JNDI DnsClient Exception Handling.
+ - S8075738: Better multi-JVM sharing.
+ - S8075833, CVE-2015-2613: Straighter Elliptic Curves.
+ - S8075838: Method for typing MethodTypes.
+ - S8075853, CVE-2015-2621: Proxy for MBean proxies.
+ - S8076328, CVE-2015-4000: Enforce key exchange constraints.
+ - S8076376, CVE-2015-2628: Enhance IIOP operations.
+ - S8076397, CVE-2015-4731: Better MBean connections.
+ - S8076401, CVE-2015-2590: Serialize OIS data.
+ - S8076405, CVE-2015-4732: Improve serial serialization.
+ - S8076409, CVE-2015-4733: Reinforce RMI framework.
+ - S8077520, CVE-2015-2632: Morph tables into improved form.
+ - PR2487, CVE-2015-4000: Make jdk8 mode the default for
+ jdk.tls.ephemeralDHKeySize.
* Update the kfreebsd hotspot support patch (Steven Chamberlain).
Closes: #788982.
* openjdk-7-jre: Recommend the real libgconf2-4 and libgnome2-0 packages.
Closes: #786594.
- -- Matthias Klose <[email protected]> Mon, 06 Jul 2015 15:55:05 +0200
+ -- Matthias Klose <[email protected]> Thu, 23 Jul 2015 17:19:35 +0200
openjdk-7 (7u79-2.5.5-1) unstable; urgency=high
=== modified file 'generate-debian-orig.sh'
--- generate-debian-orig.sh 2015-07-06 13:57:08 +0000
+++ generate-debian-orig.sh 2015-08-13 12:09:44 +0000
@@ -7,13 +7,13 @@
tarballs="$tarballs icedtea-sound.tar.gz"
jamvmtb=jamvm-2.0.0.tar.gz
cacaotb=cacao-e215e36be9fc.tar.gz
-tarballdir=7u79
-version=7u79-2.5.5
+tarballdir=7u79-2
+version=7u79-2.5.6
base=openjdk-7
pkgdir=$base-$version
origtar=${base}_${version}.orig.tar.gz
-icedtea_checkout=icedtea-2.5.5
+icedtea_checkout=icedtea-2.5.6
debian_checkout=openjdk7
if [ -d $pkgdir ]; then
=== modified file 'patches/it-aarch64-zero-default.diff'
--- patches/it-aarch64-zero-default.diff 2015-07-06 13:57:08 +0000
+++ patches/it-aarch64-zero-default.diff 2015-08-13 12:09:44 +0000
@@ -8,7 +8,7 @@
===================================================================
--- a/Makefile.am
+++ b/Makefile.am
-@@ -2269,14 +2269,17 @@ if ADD_SHARK_BUILD
+@@ -2284,14 +2284,17 @@ if ADD_SHARK_BUILD
ADD_ZERO_CONFIGURE_ARGS += \
--enable-shark
endif
@@ -32,7 +32,7 @@
$(foreach i, openjdk hotspot corba jaxp jaxws jdk langtools, \
$(if $(findstring --with-$(i)-src-zip=, $(CONFIGURE_ARGS)),, --with-$(i)-src-zip=$(abs_top_builddir)/$(i).$(TAR_SUFFIX)))
-@@ -2286,7 +2289,7 @@ ADD_ZERO_EXTRA_BUILD_ENV = \
+@@ -2301,7 +2304,7 @@ ADD_ZERO_EXTRA_BUILD_ENV = \
BUILD_JAXWS=false ALT_JAXWS_DIST=$(BUILD_OUTPUT_DIR)/jaxws/dist \
BUILD_CORBA=false ALT_CORBA_DIST=$(BUILD_OUTPUT_DIR)/corba/dist \
BUILD_JDK=false \
=== modified file 'patches/it-debian-build-flags.diff'
--- patches/it-debian-build-flags.diff 2015-07-06 13:57:08 +0000
+++ patches/it-debian-build-flags.diff 2015-08-13 12:09:44 +0000
@@ -7,7 +7,7 @@
===================================================================
--- a/Makefile.am
+++ b/Makefile.am
-@@ -133,7 +133,7 @@ IT_JAVAC_SETTINGS=-g -encoding utf-8 $(J
+@@ -143,7 +143,7 @@ IT_JAVAC_SETTINGS=-g -encoding utf-8 $(J
IT_JAVACFLAGS=$(IT_JAVAC_SETTINGS) -source $(IT_LANGUAGE_SOURCE_VERSION) -target $(IT_CLASS_TARGET_VERSION)
# Flags
@@ -16,9 +16,9 @@
# Conditional defintions
-@@ -2128,7 +2128,8 @@ if BUILD_JAMVM
+@@ -2143,7 +2143,8 @@ stamps/jamvm.stamp: $(OPENJDK_TREE) stam
+ if BUILD_JAMVM
cd jamvm/jamvm && \
- LDFLAGS="-Xlinker -z -Xlinker noexecstack" \
./autogen.sh --with-java-runtime-library=openjdk7 \
- --prefix=$(abs_top_builddir)/jamvm/install ; \
+ --prefix=$(abs_top_builddir)/jamvm/install \
@@ -26,7 +26,7 @@
$(MAKE) ; \
$(MAKE) install
mkdir -p $(abs_top_builddir)/jamvm/install/hotspot/jre/lib/$(INSTALL_ARCH_DIR)/server
-@@ -2197,7 +2198,8 @@ if !USE_SYSTEM_CACAO
+@@ -2212,7 +2213,8 @@ if !USE_SYSTEM_CACAO
--with-java-runtime-library=openjdk7 \
--with-java-runtime-library-prefix=$(abs_top_builddir)/openjdk \
--with-java-runtime-library-classes=$(RUNTIME) \
=== modified file 'patches/it-jamvm-2.0.diff'
--- patches/it-jamvm-2.0.diff 2015-07-06 13:57:08 +0000
+++ patches/it-jamvm-2.0.diff 2015-08-13 12:09:44 +0000
@@ -13,20 +13,16 @@
JAMVM_BASE_URL = $(DROP_URL)/jamvm
JAMVM_URL = $(JAMVM_BASE_URL)/jamvm-$(JAMVM_VERSION).tar.gz
JAMVM_SRC_ZIP = jamvm-$(JAMVM_VERSION).tar.gz
-@@ -269,11 +269,6 @@ ICEDTEA_PATCHES += \
- patches/cacao/ignore-tests.patch
- endif
-
--if BUILD_JAMVM
--ICEDTEA_PATCHES += \
-- patches/jamvm/pr2050-find_class_from_caller.patch
--endif
--
- if ENABLE_NSS
- ICEDTEA_PATCHES += patches/nss-config.patch \
- patches/rh1022017.patch
-@@ -285,6 +280,11 @@ ICEDTEA_PATCHES += patches/rh1022017.pat
- endif
+@@ -281,7 +281,6 @@ endif
+
+ if BUILD_JAMVM
+ ICEDTEA_PATCHES += \
+- patches/jamvm/pr2050-find_class_from_caller.patch \
+ patches/jamvm/noexecstack.patch
+ endif
+
+@@ -297,6 +296,11 @@ if !WITH_ALT_HSBUILD
+ ICEDTEA_PATCHES += patches/pr2553.patch
endif
+if BUILD_JAMVM
@@ -37,10 +33,10 @@
ICEDTEA_PATCHES += $(DISTRIBUTION_PATCHES)
# Bootstrapping patches
-@@ -1999,7 +1999,7 @@ stamps/jamvm.stamp: $(OPENJDK_TREE) stam
+@@ -2014,7 +2018,7 @@ clean-rewrite-rhino:
+ stamps/jamvm.stamp: $(OPENJDK_TREE) stamps/rt.stamp
if BUILD_JAMVM
cd jamvm/jamvm && \
- LDFLAGS="-Xlinker -z -Xlinker noexecstack" \
- ./autogen.sh --with-java-runtime-library=openjdk7 \
+ ./configure --with-java-runtime-library=openjdk7 \
--prefix=$(abs_top_builddir)/jamvm/install \
=== modified file 'patches/it-nss-softokn-config.diff'
--- patches/it-nss-softokn-config.diff 2015-01-24 12:35:39 +0000
+++ patches/it-nss-softokn-config.diff 2015-08-13 12:09:44 +0000
@@ -4,8 +4,8 @@
===================================================================
--- a/acinclude.m4
+++ b/acinclude.m4
-@@ -2738,9 +2738,12 @@ AC_DEFUN_ONCE([IT_ENABLE_SUNEC],
- if test x"${enable_sunec}" = "xyes"; then
+@@ -2740,9 +2740,12 @@ AC_DEFUN_ONCE([IT_ENABLE_SUNEC],
+ if test x"${ENABLE_SUNEC}" = "xyes"; then
PKG_CHECK_MODULES(NSS_SOFTOKN, nss-softokn >= 3.16.1, [NSS_SOFTOKN_FOUND=yes], [NSS_SOFTOKN_FOUND=no])
PKG_CHECK_MODULES(NSS_JAVA, nss-java, [NSS_JAVA_FOUND=yes], [NSS_JAVA_FOUND=no])
+ NSS_SOFTOKN_FOUND=yes
=== modified file 'patches/it-patch-updates.diff'
--- patches/it-patch-updates.diff 2014-07-06 16:51:39 +0000
+++ patches/it-patch-updates.diff 2015-08-13 12:09:44 +0000
@@ -2,6 +2,8 @@
Author: Matthias Klose <[email protected]>
Last-Update: 2014-07-06
+Index: b/patches/boot/bootstrap-tools.patch
+===================================================================
--- a/patches/boot/bootstrap-tools.patch
+++ b/patches/boot/bootstrap-tools.patch
@@ -1,7 +1,8 @@
=== modified file 'patches/it-set-compiler.diff'
--- patches/it-set-compiler.diff 2015-07-06 13:57:08 +0000
+++ patches/it-set-compiler.diff 2015-08-13 12:09:44 +0000
@@ -6,7 +6,7 @@
===================================================================
--- a/Makefile.am
+++ b/Makefile.am
-@@ -487,6 +487,7 @@ ICEDTEA_ENV = \
+@@ -500,6 +500,7 @@ ICEDTEA_ENV = \
VERBOSE="$(VERBOSE)" \
STATIC_CXX="false" \
BUILD_GCC="$(CC)" \
=== modified file 'patches/it-use-quilt.diff'
--- patches/it-use-quilt.diff 2015-07-06 13:57:08 +0000
+++ patches/it-use-quilt.diff 2015-08-13 12:09:44 +0000
@@ -7,7 +7,7 @@
===================================================================
--- a/Makefile.am
+++ b/Makefile.am
-@@ -1339,132 +1339,37 @@ clean-generated:
+@@ -1352,132 +1352,37 @@ clean-generated:
rm -f stamps/generated.stamp
stamps/patch-fsg.stamp: stamps/extract.stamp
@@ -162,7 +162,7 @@
fi
stamps/versioning.stamp: stamps/patch.stamp
-@@ -1534,54 +1439,20 @@ clean-clone-boot:
+@@ -1547,54 +1452,20 @@ clean-clone-boot:
rm -f stamps/clone-boot.stamp
stamps/patch-boot.stamp: stamps/clone-boot.stamp
=== modified file 'patches/jdk-freetypeScaler-crash.diff'
--- patches/jdk-freetypeScaler-crash.diff 2015-07-06 13:57:08 +0000
+++ patches/jdk-freetypeScaler-crash.diff 2015-08-13 12:09:44 +0000
@@ -24,8 +24,6 @@
Reviewed-by:
Contributed-by: [email protected]
-Index: openjdk/jdk/make/sun/font/mapfile-vers.openjdk
-===================================================================
--- openjdk/jdk/make/sun/font/mapfile-vers.openjdk
+++ openjdk/jdk/make/sun/font/mapfile-vers.openjdk
@@ -29,6 +29,7 @@
@@ -36,8 +34,6 @@
getSunFontIDs;
newLayoutTableCache;
freeLayoutTableCache;
-Index: openjdk/jdk/src/share/native/sun/font/freetypeScaler.c
-===================================================================
--- openjdk/jdk/src/share/native/sun/font/freetypeScaler.c
+++ openjdk/jdk/src/share/native/sun/font/freetypeScaler.c
@@ -52,16 +52,6 @@
@@ -82,19 +78,7 @@
if (scalerInfo->directBuffer != NULL) {
(*env)->DeleteGlobalRef(env, scalerInfo->directBuffer);
}
-@@ -151,10 +152,9 @@ static void invalidateJavaScaler(JNIEnv
-
- #define FILEDATACACHESIZE 1024
-
--/* NB: is it ever called? */
- static void CloseTTFontFileFunc(FT_Stream stream) {
-+ JNIEnv* env = (JNIEnv*) JNU_GetEnv(jvm, JNI_VERSION_1_2);
- FTScalerInfo *scalerInfo = (FTScalerInfo *) stream->pathname.pointer;
-- JNIEnv* env = scalerInfo->env;
- jclass tmpClass = (*env)->FindClass(env, "sun/font/TrueTypeFont");
- jfieldID platNameField =
- (*env)->GetFieldID(env, tmpClass, "platName", "Ljava/lang/String;");
-@@ -170,8 +170,8 @@ static unsigned long ReadTTFontFileFunc(
+@@ -156,8 +157,8 @@ static unsigned long ReadTTFontFileFunc(
unsigned char* destBuffer,
unsigned long numBytes)
{
@@ -104,7 +88,7 @@
jobject bBuffer;
int bread = 0;
-@@ -248,8 +248,7 @@ Java_sun_font_FreetypeFontScaler_initNat
+@@ -234,8 +235,7 @@ Java_sun_font_FreetypeFontScaler_initNat
if (scalerInfo == NULL)
return 0;
@@ -114,7 +98,7 @@
scalerInfo->fontDataOffset = 0;
scalerInfo->fontDataLength = 0;
scalerInfo->fileSize = filesize;
-@@ -266,6 +265,7 @@ Java_sun_font_FreetypeFontScaler_initNat
+@@ -252,6 +252,7 @@ Java_sun_font_FreetypeFontScaler_initNat
*/
error = FT_Init_FreeType(&scalerInfo->library);
if (error) {
@@ -122,7 +106,7 @@
free(scalerInfo);
return 0;
}
-@@ -334,6 +334,7 @@ Java_sun_font_FreetypeFontScaler_initNat
+@@ -320,6 +321,7 @@ Java_sun_font_FreetypeFontScaler_initNat
}
if (scalerInfo->fontData != NULL)
free(scalerInfo->fontData);
@@ -130,7 +114,7 @@
free(scalerInfo);
return 0;
}
-@@ -394,8 +395,10 @@ static int setupFTContext(JNIEnv *env,
+@@ -380,8 +382,10 @@ static int setupFTContext(JNIEnv *env,
FTScalerContext *context) {
int errCode = 0;
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use
[email protected] for discussions and questions.
