openjdk6] Rev 572: openjdk-6 (6b36-1.13.8-1) experimental; urgency=medium

noreply Sat, 01 Aug 2015 11:26:18 -0700

------------------------------------------------------------
revno: 572
committer: Matthias Klose <d...@debian.org>
branch nick: openjdk6
timestamp: Sat 2015-08-01 20:24:41 +0200
message:
  openjdk-6 (6b36-1.13.8-1) experimental; urgency=medium
  
    * IcedTea 1.13.8 release.
    * Security fixes:
      - S8043202, CVE-2015-2808: Prohibit RC4 cipher suites.
      - S8067694, CVE-2015-2625: Improved certification checking.
      - S8071715, CVE-2015-4760: Tune font layout engine.
      - S8071731: Better scaling for C1.
      - S8072490: Better font morphing redux.
      - S8072887: Better font handling improvements.
      - S8073334: Improved font substitutions.
      - S8073773: Presume path preparedness.
      - S8073894: Getting to the root of certificate chains.
      - S8074330: Set font anchors more solidly.
      - S8074335: Substitute for substitution formats.
      - S8074865, CVE-2015-2601: General crypto resilience changes.
      - S8074871: Adjust device table handling.
      - S8075374, CVE-2015-4748: Responding to OCSP responses.
      - S8075378, CVE-2015-4749: JNDI DnsClient Exception Handling.
      - S8075738: Better multi-JVM sharing.
      - S8075838: Method for typing MethodTypes.
      - S8075853, CVE-2015-2621: Proxy for MBean proxies.
      - S8076328, CVE-2015-4000: Enforce key exchange constraints.
      - S8076376, CVE-2015-2628: Enhance IIOP operations.
      - S8076397, CVE-2015-4731: Better MBean connections.
      - S8076401, CVE-2015-2590: Serialize OIS data.
      - S8076405, CVE-2015-4732: Improve serial serialization.
      - S8076409, CVE-2015-4733: Reinforce RMI framework.
      - S8077520, CVE-2015-2632: Morph tables into improved form.
      - PR2488, CVE-2015-4000: Make jdk8 mode the default for
        jdk.tls.ephemeralDHKeySize.
    * Refresh patches.
  
   -- Matthias Klose <d...@ubuntu.com>  Fri, 31 Jul 2015 16:24:22 +0200
modified:
  changelog
  generate-debian-orig.sh
  icedtea-patch.diff
  patches/jdk-freetypeScaler-crash.diff
  rules



--
lp:~openjdk/openjdk/openjdk6
https://code.launchpad.net/~openjdk/openjdk/openjdk6

Your team Debian Java Maintainers is subscribed to branch 
lp:~openjdk/openjdk/openjdk6.
To unsubscribe from this branch go to 
https://code.launchpad.net/~openjdk/openjdk/openjdk6/+edit-subscription

=== modified file 'changelog'
--- changelog	2015-04-15 18:34:25 +0000
+++ changelog	2015-08-01 18:24:41 +0000
@@ -1,3 +1,38 @@
+openjdk-6 (6b36-1.13.8-1) experimental; urgency=medium
+
+  * IcedTea 1.13.8 release.
+  * Security fixes:
+    - S8043202, CVE-2015-2808: Prohibit RC4 cipher suites.
+    - S8067694, CVE-2015-2625: Improved certification checking.
+    - S8071715, CVE-2015-4760: Tune font layout engine.
+    - S8071731: Better scaling for C1.
+    - S8072490: Better font morphing redux.
+    - S8072887: Better font handling improvements.
+    - S8073334: Improved font substitutions.
+    - S8073773: Presume path preparedness.
+    - S8073894: Getting to the root of certificate chains.
+    - S8074330: Set font anchors more solidly.
+    - S8074335: Substitute for substitution formats.
+    - S8074865, CVE-2015-2601: General crypto resilience changes.
+    - S8074871: Adjust device table handling.
+    - S8075374, CVE-2015-4748: Responding to OCSP responses.
+    - S8075378, CVE-2015-4749: JNDI DnsClient Exception Handling.
+    - S8075738: Better multi-JVM sharing.
+    - S8075838: Method for typing MethodTypes.
+    - S8075853, CVE-2015-2621: Proxy for MBean proxies.
+    - S8076328, CVE-2015-4000: Enforce key exchange constraints.
+    - S8076376, CVE-2015-2628: Enhance IIOP operations.
+    - S8076397, CVE-2015-4731: Better MBean connections.
+    - S8076401, CVE-2015-2590: Serialize OIS data.
+    - S8076405, CVE-2015-4732: Improve serial serialization.
+    - S8076409, CVE-2015-4733: Reinforce RMI framework.
+    - S8077520, CVE-2015-2632: Morph tables into improved form.
+    - PR2488, CVE-2015-4000: Make jdk8 mode the default for
+      jdk.tls.ephemeralDHKeySize.
+  * Refresh patches.
+
+ -- Matthias Klose <d...@ubuntu.com>  Fri, 31 Jul 2015 16:24:22 +0200
+
 openjdk-6 (6b35-1.13.7-1) unstable; urgency=medium
 
   * IcedTea 1.13.7 release.

=== modified file 'generate-debian-orig.sh'
--- generate-debian-orig.sh	2015-04-15 18:34:25 +0000
+++ generate-debian-orig.sh	2015-08-01 18:24:41 +0000
@@ -1,6 +1,6 @@
 
-tarball=openjdk-6-src-b35-14_apr_2015.tar.xz
-version=6b35-1.13.7
+tarball=openjdk-6-src-b36-22_jul_2015.tar.xz
+version=6b36-1.13.8
 hotspot=hotspot-hs20.tar.gz
 cacaotb=cacao-0.99.4.tar.bz2
 cacaotb=cacao-68fe50ac34ec.tar.gz
@@ -8,10 +8,10 @@
 base=openjdk-6
 pkgdir=$base-$version
 origtar=${base}_${version}.orig.tar.gz
-tarballdir=6b35
+tarballdir=6b36
 
 icedtea_checkout=icedtea6-1.13
-icedtea_checkout=icedtea6-1.13.7
+icedtea_checkout=icedtea6-1.13.8
 debian_checkout=openjdk6
 
 if [ -d $pkgdir ]; then

=== modified file 'icedtea-patch.diff'
--- icedtea-patch.diff	2015-04-15 18:34:25 +0000
+++ icedtea-patch.diff	2015-08-01 18:24:41 +0000
@@ -1,5 +1,5 @@
---- openjdk-6-6b34-1.13.6.orig/Makefile.am
-+++ openjdk-6-6b34-1.13.6/Makefile.am
+--- openjdk-6-6b36-1.13.8.orig/Makefile.am
++++ openjdk-6-6b36-1.13.8/Makefile.am
 @@ -11,8 +11,8 @@
  CACAO_URL = $(CACAO_BASE_URL)/$(CACAO_VERSION).tar.gz
  CACAO_SRC_ZIP = cacao-$(CACAO_VERSION).tar.gz
@@ -11,20 +11,16 @@
  JAMVM_BASE_URL = http://icedtea.classpath.org/download/drops/jamvm
  JAMVM_URL = $(JAMVM_BASE_URL)/jamvm-$(JAMVM_VERSION).tar.gz
  JAMVM_SRC_ZIP = jamvm-$(JAMVM_VERSION).tar.gz
-@@ -646,11 +646,6 @@
- 	patches/hotspot/hs23/systemtap-alloc-size-workaround.patch
+@@ -676,7 +676,6 @@
+ 
+ if BUILD_JAMVM
+ ICEDTEA_PATCHES += \
+-	patches/jamvm/pr2190-find_class_from_caller.patch \
+ 	patches/jamvm/noexecstack.patch
  endif
  
--if BUILD_JAMVM
--ICEDTEA_PATCHES += \
--	patches/jamvm/pr2190-find_class_from_caller.patch
--endif
--
- if ENABLE_NSS
+@@ -714,6 +713,11 @@
  ICEDTEA_PATCHES += patches/rh1022017.patch
- NSS_PATCHES = patches/nss-config.patch
-@@ -688,6 +683,11 @@
- 	patches/libraries-gif.patch
  endif
  
 +if BUILD_JAMVM
@@ -35,7 +31,7 @@
  ICEDTEA_PATCHES += $(DISTRIBUTION_PATCHES)
  
  # Bootstrapping patches
-@@ -816,6 +816,7 @@
+@@ -839,6 +843,7 @@
  	ALT_OUTPUTDIR="$(BUILD_OUTPUT_DIR)" \
  	STATIC_CXX="false" \
  	BUILD_GCC=gcc$(GCC_SUFFIX) \
@@ -43,16 +39,16 @@
  	BUILD_CXX=g++$(GCC_SUFFIX) \
  	COMPILER_WARNINGS_FATAL="$(WERROR_STATUS)" \
  	UNLIMITED_CRYPTO="true"
-@@ -2392,7 +2393,7 @@
+@@ -2414,7 +2419,7 @@
+ stamps/jamvm.stamp: $(OPENJDK_TREE) stamps/rt.stamp
  if BUILD_JAMVM
  	cd jamvm/jamvm && \
- 	LDFLAGS="-Xlinker -z -Xlinker noexecstack" \
 -	./autogen.sh --with-java-runtime-library=openjdk6 \
 +	./configure --with-java-runtime-library=openjdk6 \
  	  --prefix=$(abs_top_builddir)/jamvm/install ; \
  	$(MAKE) ; \
  	$(MAKE) install
-@@ -2533,13 +2534,15 @@
+@@ -2555,13 +2560,15 @@
  ADD_ZERO_CONFIGURE_ARGS += \
  	--enable-shark
  endif
@@ -73,8 +69,8 @@
  		$(CONFIGURE_ARGS)) \
  	$(if $(findstring --with-openjdk-src-zip=, $(CONFIGURE_ARGS)),, \
  	  --with-openjdk-src-zip=$(abs_top_builddir)/$(OPENJDK_SRC_ZIP))
---- openjdk-6-6b34-1.13.6.orig/acinclude.m4
-+++ openjdk-6-6b34-1.13.6/acinclude.m4
+--- openjdk-6-6b36-1.13.8.orig/acinclude.m4
++++ openjdk-6-6b36-1.13.8/acinclude.m4
 @@ -22,6 +22,12 @@
        JRE_ARCH_DIR=alpha
        CROSS_TARGET_ARCH=alpha
@@ -88,8 +84,8 @@
      arm*)
        BUILD_ARCH_DIR=arm
        INSTALL_ARCH_DIR=arm
---- openjdk-6-6b34-1.13.6.orig/autogen.sh
-+++ openjdk-6-6b34-1.13.6/autogen.sh
+--- openjdk-6-6b36-1.13.8.orig/autogen.sh
++++ openjdk-6-6b36-1.13.8/autogen.sh
 @@ -101,7 +101,7 @@
  
  HAVE_ACLOCAL=false
@@ -108,8 +104,8 @@
      if ${AUTOMAKE} --version > /dev/null 2>&1; then
          AUTOMAKE_VERSION=`${AUTOMAKE} --version | head -1 | sed 's/^[^0-9]*\([0-9.][0-9.]*\).*/\1/'`
  #        echo ${AUTOMAKE_VERSION}
---- openjdk-6-6b34-1.13.6.orig/configure.ac
-+++ openjdk-6-6b34-1.13.6/configure.ac
+--- openjdk-6-6b36-1.13.8.orig/configure.ac
++++ openjdk-6-6b36-1.13.8/configure.ac
 @@ -4,6 +4,8 @@
  AM_INIT_AUTOMAKE([1.9 tar-pax foreign])
  AC_CONFIG_FILES([Makefile fsg.sh])
@@ -119,8 +115,8 @@
  # Older automake doesn't generate these correctly
  abs_top_builddir=`pwd -P`
  AC_SUBST(abs_top_builddir)
---- openjdk-6-6b34-1.13.6.orig/patches/jamvm-2.5.3-fix.diff
-+++ openjdk-6-6b34-1.13.6/patches/jamvm-2.5.3-fix.diff
+--- openjdk-6-6b36-1.13.8.orig/patches/jamvm-2.5.3-fix.diff
++++ openjdk-6-6b36-1.13.8/patches/jamvm-2.5.3-fix.diff
 @@ -0,0 +1,76 @@
 +--- jamvm/jamvm/src/classlib/openjdk/jvm.c
 ++++ jamvm/jamvm/src/classlib/openjdk/jvm.c

=== modified file 'patches/jdk-freetypeScaler-crash.diff'
--- patches/jdk-freetypeScaler-crash.diff	2008-10-17 11:22:21 +0000
+++ patches/jdk-freetypeScaler-crash.diff	2015-08-01 18:24:41 +0000
@@ -24,23 +24,21 @@
 Reviewed-by:
 Contributed-by: yamau...@google.com
 
-diff --git a/make/sun/font/mapfile-vers.openjdk b/jdk/make/sun/font/mapfile-vers.openjdk
---- openjdk/jdk/make/sun/font/mapfile-vers.openjdk
-+++ openjdk/jdk/make/sun/font/mapfile-vers.openjdk
+--- openjdk/jdk/make/sun/font/mapfile-vers.openjdk.orig	2015-07-20 18:21:50.000000000 +0200
++++ openjdk/jdk/make/sun/font/mapfile-vers.openjdk	2015-08-01 11:29:26.256353069 +0200
 @@ -29,6 +29,7 @@
-
+ 
  SUNWprivate_1.1 {
  	global:
 +                JNI_OnLoad;
                  getSunFontIDs;
-                 newLayoutTableCache;
+                 newLayoutTableCache; 
                  freeLayoutTableCache;
-diff --git a/src/share/native/sun/font/freetypeScaler.c b/src/share/native/sun/font/freetypeScaler.c
---- openjdk/jdk/src/share/native/sun/font/freetypeScaler.c
-+++ openjdk/jdk/src/share/native/sun/font/freetypeScaler.c
+--- openjdk/jdk/src/share/native/sun/font/freetypeScaler.c.orig	2015-08-01 11:26:23.861296787 +0200
++++ openjdk/jdk/src/share/native/sun/font/freetypeScaler.c	2015-08-01 11:29:26.260353136 +0200
 @@ -48,16 +48,6 @@
  #define  ROUND(x) ((int) (x+0.5))
-
+ 
  typedef struct {
 -    /* Important note:
 -         JNI forbids sharing same env between different threads.
@@ -58,7 +56,7 @@
 @@ -90,6 +80,13 @@
  void z_error(char *s) {}
  #endif
-
+ 
 +static JavaVM* jvm = NULL;
 +
 +JNIEXPORT jint JNICALL JNI_OnLoad(JavaVM *vm, void *reserved) {
@@ -67,32 +65,20 @@
 +}
 +
  /**************** Error handling utilities *****************/
-
+ 
  static jmethodID invalidateScalerMID;
-@@ -107,6 +104,10 @@
-
+@@ -120,6 +117,10 @@
      FT_Done_Face(scalerInfo->face);
      FT_Done_FreeType(scalerInfo->library);
-+
+ 
 +    if (scalerInfo->font2D != NULL) {
 +        (*env)->DeleteGlobalRef(env, scalerInfo->font2D);
 +    }
-
++
      if (scalerInfo->directBuffer != NULL) {
          (*env)->DeleteGlobalRef(env, scalerInfo->directBuffer);
-@@ -131,10 +132,9 @@
-
- #define FILEDATACACHESIZE 1024
-
--/* NB: is it ever called? */
- static void CloseTTFontFileFunc(FT_Stream stream) {
-+    JNIEnv* env = (JNIEnv*) JNU_GetEnv(jvm, JNI_VERSION_1_2);
-     FTScalerInfo *scalerInfo = (FTScalerInfo *) stream->pathname.pointer;
--    JNIEnv* env = scalerInfo->env;
-     jclass tmpClass = (*env)->FindClass(env, "sun/font/TrueTypeFont");
-     jfieldID platNameField =
-          (*env)->GetFieldID(env, tmpClass, "platName", "Ljava/lang/String;");
-@@ -150,8 +150,8 @@
+     }
+@@ -152,8 +153,8 @@
                                          unsigned char* destBuffer,
                                          unsigned long numBytes)
  {
@@ -101,18 +87,18 @@
 -    JNIEnv* env = scalerInfo->env;
      jobject bBuffer;
      int bread = 0;
-
-@@ -245,8 +245,7 @@
+ 
+@@ -230,8 +231,7 @@
      if (scalerInfo == NULL)
          return 0;
-
+ 
 -    scalerInfo->env = env;
 -    scalerInfo->font2D = font2D;
 +    scalerInfo->font2D = (*env)->NewGlobalRef(env, font2D);
      scalerInfo->fontDataOffset = 0;
      scalerInfo->fontDataLength = 0;
      scalerInfo->fileSize = filesize;
-@@ -263,6 +262,7 @@
+@@ -248,6 +248,7 @@
      */
      error = FT_Init_FreeType(&scalerInfo->library);
      if (error) {
@@ -120,7 +106,7 @@
          free(scalerInfo);
          return 0;
      }
-@@ -331,6 +331,7 @@
+@@ -316,6 +317,7 @@
          }
          if (scalerInfo->fontData != NULL)
              free(scalerInfo->fontData);
@@ -128,15 +114,16 @@
          free(scalerInfo);
          return 0;
      }
-@@ -391,8 +392,10 @@
+@@ -376,8 +378,10 @@
                            FTScalerContext *context) {
      int errCode = 0;
-
+ 
 -    scalerInfo->env = env;
 -    scalerInfo->font2D = font2D;
 +    if (scalerInfo->font2D != NULL) {
 +        (*env)->DeleteGlobalRef(env, scalerInfo->font2D);
 +    }
 +    scalerInfo->font2D = (*env)->NewGlobalRef(env, font2D);
-
-     FT_Set_Transform(scalerInfo->face, &context->transform, NULL);
+ 
+     if (context != NULL) {
+         FT_Set_Transform(scalerInfo->face, &context->transform, NULL);

=== modified file 'rules'
--- rules	2015-04-15 18:34:25 +0000
+++ rules	2015-08-01 18:24:41 +0000
@@ -188,8 +188,8 @@
   $(error unknown bootstrap method for architecture $(DEB_HOST_ARCH))
 endif
 
-OPENJDK_VERSION = b35
-OPENJDK_SRC_ZIP = openjdk-6-src-$(OPENJDK_VERSION)-14_apr_2015.tar.xz
+OPENJDK_VERSION = b36
+OPENJDK_SRC_ZIP = openjdk-6-src-$(OPENJDK_VERSION)-22_jul_2015.tar.xz
 # the version of the build dependency for non-bootstrap builds; only adjust if
 # the package is installable on all these architectures.
 req_openjdk_bd_ver = 6b27

__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. 
Please use
debian-j...@lists.debian.org for discussions and questions.

[Branch ~openjdk/openjdk/openjdk6] Rev 572: openjdk-6 (6b36-1.13.8-1) experimental; urgency=medium

Reply via email to