------------------------------------------------------------ revno: 572 committer: Matthias Klose <d...@debian.org> branch nick: openjdk6 timestamp: Sat 2015-08-01 20:24:41 +0200 message: openjdk-6 (6b36-1.13.8-1) experimental; urgency=medium * IcedTea 1.13.8 release. * Security fixes: - S8043202, CVE-2015-2808: Prohibit RC4 cipher suites. - S8067694, CVE-2015-2625: Improved certification checking. - S8071715, CVE-2015-4760: Tune font layout engine. - S8071731: Better scaling for C1. - S8072490: Better font morphing redux. - S8072887: Better font handling improvements. - S8073334: Improved font substitutions. - S8073773: Presume path preparedness. - S8073894: Getting to the root of certificate chains. - S8074330: Set font anchors more solidly. - S8074335: Substitute for substitution formats. - S8074865, CVE-2015-2601: General crypto resilience changes. - S8074871: Adjust device table handling. - S8075374, CVE-2015-4748: Responding to OCSP responses. - S8075378, CVE-2015-4749: JNDI DnsClient Exception Handling. - S8075738: Better multi-JVM sharing. - S8075838: Method for typing MethodTypes. - S8075853, CVE-2015-2621: Proxy for MBean proxies. - S8076328, CVE-2015-4000: Enforce key exchange constraints. - S8076376, CVE-2015-2628: Enhance IIOP operations. - S8076397, CVE-2015-4731: Better MBean connections. - S8076401, CVE-2015-2590: Serialize OIS data. - S8076405, CVE-2015-4732: Improve serial serialization. - S8076409, CVE-2015-4733: Reinforce RMI framework. - S8077520, CVE-2015-2632: Morph tables into improved form. - PR2488, CVE-2015-4000: Make jdk8 mode the default for jdk.tls.ephemeralDHKeySize. * Refresh patches. -- Matthias Klose <d...@ubuntu.com> Fri, 31 Jul 2015 16:24:22 +0200 modified: changelog generate-debian-orig.sh icedtea-patch.diff patches/jdk-freetypeScaler-crash.diff rules
=== modified file 'changelog'
--- changelog 2015-04-15 18:34:25 +0000
+++ changelog 2015-08-01 18:24:41 +0000
@@ -1,3 +1,38 @@
+openjdk-6 (6b36-1.13.8-1) experimental; urgency=medium
+
+ * IcedTea 1.13.8 release.
+ * Security fixes:
+ - S8043202, CVE-2015-2808: Prohibit RC4 cipher suites.
+ - S8067694, CVE-2015-2625: Improved certification checking.
+ - S8071715, CVE-2015-4760: Tune font layout engine.
+ - S8071731: Better scaling for C1.
+ - S8072490: Better font morphing redux.
+ - S8072887: Better font handling improvements.
+ - S8073334: Improved font substitutions.
+ - S8073773: Presume path preparedness.
+ - S8073894: Getting to the root of certificate chains.
+ - S8074330: Set font anchors more solidly.
+ - S8074335: Substitute for substitution formats.
+ - S8074865, CVE-2015-2601: General crypto resilience changes.
+ - S8074871: Adjust device table handling.
+ - S8075374, CVE-2015-4748: Responding to OCSP responses.
+ - S8075378, CVE-2015-4749: JNDI DnsClient Exception Handling.
+ - S8075738: Better multi-JVM sharing.
+ - S8075838: Method for typing MethodTypes.
+ - S8075853, CVE-2015-2621: Proxy for MBean proxies.
+ - S8076328, CVE-2015-4000: Enforce key exchange constraints.
+ - S8076376, CVE-2015-2628: Enhance IIOP operations.
+ - S8076397, CVE-2015-4731: Better MBean connections.
+ - S8076401, CVE-2015-2590: Serialize OIS data.
+ - S8076405, CVE-2015-4732: Improve serial serialization.
+ - S8076409, CVE-2015-4733: Reinforce RMI framework.
+ - S8077520, CVE-2015-2632: Morph tables into improved form.
+ - PR2488, CVE-2015-4000: Make jdk8 mode the default for
+ jdk.tls.ephemeralDHKeySize.
+ * Refresh patches.
+
+ -- Matthias Klose <d...@ubuntu.com> Fri, 31 Jul 2015 16:24:22 +0200
+
 openjdk-6 (6b35-1.13.7-1) unstable; urgency=medium
 
 * IcedTea 1.13.7 release.
=== modified file 'generate-debian-orig.sh'
--- generate-debian-orig.sh 2015-04-15 18:34:25 +0000
+++ generate-debian-orig.sh 2015-08-01 18:24:41 +0000
@@ -1,6 +1,6 @@ -tarball=openjdk-6-src-b35-14_apr_2015.tar.xz -version=6b35-1.13.7 +tarball=openjdk-6-src-b36-22_jul_2015.tar.xz +version=6b36-1.13.8 hotspot=hotspot-hs20.tar.gz cacaotb=cacao-0.99.4.tar.bz2 cacaotb=cacao-68fe50ac34ec.tar.gz @@ -8,10 +8,10 @@ base=openjdk-6 pkgdir=$base-$version origtar=${base}_${version}.orig.tar.gz -tarballdir=6b35 +tarballdir=6b36 icedtea_checkout=icedtea6-1.13 -icedtea_checkout=icedtea6-1.13.7 +icedtea_checkout=icedtea6-1.13.8 debian_checkout=openjdk6 if [ -d $pkgdir ]; then === modified file 'icedtea-patch.diff' --- icedtea-patch.diff 2015-04-15 18:34:25 +0000 +++ icedtea-patch.diff 2015-08-01 18:24:41 +0000 @@ -1,5 +1,5 @@ ---- openjdk-6-6b34-1.13.6.orig/Makefile.am -+++ openjdk-6-6b34-1.13.6/Makefile.am +--- openjdk-6-6b36-1.13.8.orig/Makefile.am ++++ openjdk-6-6b36-1.13.8/Makefile.am @@ -11,8 +11,8 @@ CACAO_URL = $(CACAO_BASE_URL)/$(CACAO_VERSION).tar.gz CACAO_SRC_ZIP = cacao-$(CACAO_VERSION).tar.gz @@ -11,20 +11,16 @@ JAMVM_BASE_URL = http://icedtea.classpath.org/download/drops/jamvm JAMVM_URL = $(JAMVM_BASE_URL)/jamvm-$(JAMVM_VERSION).tar.gz JAMVM_SRC_ZIP = jamvm-$(JAMVM_VERSION).tar.gz -@@ -646,11 +646,6 @@ - patches/hotspot/hs23/systemtap-alloc-size-workaround.patch +@@ -676,7 +676,6 @@ + + if BUILD_JAMVM + ICEDTEA_PATCHES += \ +- patches/jamvm/pr2190-find_class_from_caller.patch \ + patches/jamvm/noexecstack.patch endif --if BUILD_JAMVM --ICEDTEA_PATCHES += \ -- patches/jamvm/pr2190-find_class_from_caller.patch --endif -- - if ENABLE_NSS +@@ -714,6 +713,11 @@ ICEDTEA_PATCHES += patches/rh1022017.patch - NSS_PATCHES = patches/nss-config.patch -@@ -688,6 +683,11 @@ - patches/libraries-gif.patch endif +if BUILD_JAMVM @@ -35,7 +31,7 @@ ICEDTEA_PATCHES += $(DISTRIBUTION_PATCHES) # Bootstrapping patches -@@ -816,6 +816,7 @@ +@@ -839,6 +843,7 @@ ALT_OUTPUTDIR="$(BUILD_OUTPUT_DIR)" \ STATIC_CXX="false" \ BUILD_GCC=gcc$(GCC_SUFFIX) \ 
@@ -43,16 +39,16 @@ BUILD_CXX=g++$(GCC_SUFFIX) \ COMPILER_WARNINGS_FATAL="$(WERROR_STATUS)" \ UNLIMITED_CRYPTO="true" -@@ -2392,7 +2393,7 @@ +@@ -2414,7 +2419,7 @@ + stamps/jamvm.stamp: $(OPENJDK_TREE) stamps/rt.stamp if BUILD_JAMVM cd jamvm/jamvm && \ - LDFLAGS="-Xlinker -z -Xlinker noexecstack" \ - ./autogen.sh --with-java-runtime-library=openjdk6 \ + ./configure --with-java-runtime-library=openjdk6 \ --prefix=$(abs_top_builddir)/jamvm/install ; \ $(MAKE) ; \ $(MAKE) install -@@ -2533,13 +2534,15 @@ +@@ -2555,13 +2560,15 @@ ADD_ZERO_CONFIGURE_ARGS += \ --enable-shark endif @@ -73,8 +69,8 @@ $(CONFIGURE_ARGS)) \ $(if $(findstring --with-openjdk-src-zip=, $(CONFIGURE_ARGS)),, \ --with-openjdk-src-zip=$(abs_top_builddir)/$(OPENJDK_SRC_ZIP)) ---- openjdk-6-6b34-1.13.6.orig/acinclude.m4 -+++ openjdk-6-6b34-1.13.6/acinclude.m4 +--- openjdk-6-6b36-1.13.8.orig/acinclude.m4 ++++ openjdk-6-6b36-1.13.8/acinclude.m4 @@ -22,6 +22,12 @@ JRE_ARCH_DIR=alpha CROSS_TARGET_ARCH=alpha @@ -88,8 +84,8 @@ arm*) BUILD_ARCH_DIR=arm INSTALL_ARCH_DIR=arm ---- openjdk-6-6b34-1.13.6.orig/autogen.sh -+++ openjdk-6-6b34-1.13.6/autogen.sh +--- openjdk-6-6b36-1.13.8.orig/autogen.sh ++++ openjdk-6-6b36-1.13.8/autogen.sh @@ -101,7 +101,7 @@ HAVE_ACLOCAL=false @@ -108,8 +104,8 @@ if ${AUTOMAKE} --version > /dev/null 2>&1; then AUTOMAKE_VERSION=`${AUTOMAKE} --version | head -1 | sed 's/^[^0-9]*\([0-9.][0-9.]*\).*/\1/'` # echo ${AUTOMAKE_VERSION} ---- openjdk-6-6b34-1.13.6.orig/configure.ac -+++ openjdk-6-6b34-1.13.6/configure.ac +--- openjdk-6-6b36-1.13.8.orig/configure.ac ++++ openjdk-6-6b36-1.13.8/configure.ac @@ -4,6 +4,8 @@ AM_INIT_AUTOMAKE([1.9 tar-pax foreign]) AC_CONFIG_FILES([Makefile fsg.sh]) 
@@ -119,8 +115,8 @@ # Older automake doesn't generate these correctly abs_top_builddir=`pwd -P` AC_SUBST(abs_top_builddir) ---- openjdk-6-6b34-1.13.6.orig/patches/jamvm-2.5.3-fix.diff -+++ openjdk-6-6b34-1.13.6/patches/jamvm-2.5.3-fix.diff +--- openjdk-6-6b36-1.13.8.orig/patches/jamvm-2.5.3-fix.diff ++++ openjdk-6-6b36-1.13.8/patches/jamvm-2.5.3-fix.diff @@ -0,0 +1,76 @@ +--- jamvm/jamvm/src/classlib/openjdk/jvm.c ++++ jamvm/jamvm/src/classlib/openjdk/jvm.c === modified file 'patches/jdk-freetypeScaler-crash.diff' --- patches/jdk-freetypeScaler-crash.diff 2008-10-17 11:22:21 +0000 +++ patches/jdk-freetypeScaler-crash.diff 2015-08-01 18:24:41 +0000 @@ -24,23 +24,21 @@ Reviewed-by: Contributed-by: yamau...@google.com -diff --git a/make/sun/font/mapfile-vers.openjdk b/jdk/make/sun/font/mapfile-vers.openjdk ---- openjdk/jdk/make/sun/font/mapfile-vers.openjdk -+++ openjdk/jdk/make/sun/font/mapfile-vers.openjdk +--- openjdk/jdk/make/sun/font/mapfile-vers.openjdk.orig 2015-07-20 18:21:50.000000000 +0200 ++++ openjdk/jdk/make/sun/font/mapfile-vers.openjdk 2015-08-01 11:29:26.256353069 +0200 @@ -29,6 +29,7 @@ - + SUNWprivate_1.1 { global: + JNI_OnLoad; getSunFontIDs; - newLayoutTableCache; + newLayoutTableCache; freeLayoutTableCache; -diff --git a/src/share/native/sun/font/freetypeScaler.c b/src/share/native/sun/font/freetypeScaler.c ---- openjdk/jdk/src/share/native/sun/font/freetypeScaler.c -+++ openjdk/jdk/src/share/native/sun/font/freetypeScaler.c +--- openjdk/jdk/src/share/native/sun/font/freetypeScaler.c.orig 2015-08-01 11:26:23.861296787 +0200 ++++ openjdk/jdk/src/share/native/sun/font/freetypeScaler.c 2015-08-01 11:29:26.260353136 +0200 @@ -48,16 +48,6 @@ #define ROUND(x) ((int) (x+0.5)) - + typedef struct { - /* Important note: - JNI forbids sharing same env between different threads. @@ -58,7 +56,7 @@ @@ -90,6 +80,13 @@ void z_error(char *s) {} #endif - + +static JavaVM* jvm = NULL; + +JNIEXPORT jint JNICALL JNI_OnLoad(JavaVM *vm, void *reserved) { 
@@ -67,32 +65,20 @@ +} + /**************** Error handling utilities *****************/ - + static jmethodID invalidateScalerMID; -@@ -107,6 +104,10 @@ - +@@ -120,6 +117,10 @@ FT_Done_Face(scalerInfo->face); FT_Done_FreeType(scalerInfo->library); -+ + + if (scalerInfo->font2D != NULL) { + (*env)->DeleteGlobalRef(env, scalerInfo->font2D); + } - ++ if (scalerInfo->directBuffer != NULL) { (*env)->DeleteGlobalRef(env, scalerInfo->directBuffer); -@@ -131,10 +132,9 @@ - - #define FILEDATACACHESIZE 1024 - --/* NB: is it ever called? */ - static void CloseTTFontFileFunc(FT_Stream stream) { -+ JNIEnv* env = (JNIEnv*) JNU_GetEnv(jvm, JNI_VERSION_1_2); - FTScalerInfo *scalerInfo = (FTScalerInfo *) stream->pathname.pointer; -- JNIEnv* env = scalerInfo->env; - jclass tmpClass = (*env)->FindClass(env, "sun/font/TrueTypeFont"); - jfieldID platNameField = - (*env)->GetFieldID(env, tmpClass, "platName", "Ljava/lang/String;"); -@@ -150,8 +150,8 @@ + } +@@ -152,8 +153,8 @@ unsigned char* destBuffer, unsigned long numBytes) { @@ -101,18 +87,18 @@ - JNIEnv* env = scalerInfo->env; jobject bBuffer; int bread = 0; - -@@ -245,8 +245,7 @@ + +@@ -230,8 +231,7 @@ if (scalerInfo == NULL) return 0; - + - scalerInfo->env = env; - scalerInfo->font2D = font2D; + scalerInfo->font2D = (*env)->NewGlobalRef(env, font2D); scalerInfo->fontDataOffset = 0; scalerInfo->fontDataLength = 0; scalerInfo->fileSize = filesize; -@@ -263,6 +262,7 @@ +@@ -248,6 +248,7 @@ */ error = FT_Init_FreeType(&scalerInfo->library); if (error) { @@ -120,7 +106,7 @@ free(scalerInfo); return 0; } -@@ -331,6 +331,7 @@ +@@ -316,6 +317,7 @@ } if (scalerInfo->fontData != NULL) free(scalerInfo->fontData); 
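Review bot: The value returned by `NewGlobalRef` is stored in `scalerInfo->font2D` without a NULL check, in the scaler initialisation path of this hunk (`scalerInfo->font2D = (*env)->NewGlobalRef(env, font2D);`) and again in the context-setup hunk further down, where the previous reference is deleted before a new one is taken. NewGlobalRef returns NULL when the VM cannot allocate the reference, so any later use of font2D (presumably from the FreeType stream callbacks, which are not fully visible here) would run against a null object in native font code. A guard right after the assignment, matching the neighbouring error path, would keep the failure local: `if (scalerInfo->font2D == NULL) { free(scalerInfo); return 0; }`. The enclosing functions begin and end outside the visible hunks, so the cleanup each path needs should be confirmed against the full file.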
@@ -128,15 +114,16 @@ free(scalerInfo); return 0; } -@@ -391,8 +392,10 @@ +@@ -376,8 +378,10 @@ FTScalerContext *context) { int errCode = 0; - + - scalerInfo->env = env; - scalerInfo->font2D = font2D; + if (scalerInfo->font2D != NULL) { + (*env)->DeleteGlobalRef(env, scalerInfo->font2D); + } + scalerInfo->font2D = (*env)->NewGlobalRef(env, font2D); - - FT_Set_Transform(scalerInfo->face, &context->transform, NULL); + + if (context != NULL) { + FT_Set_Transform(scalerInfo->face, &context->transform, NULL); === modified file 'rules' --- rules 2015-04-15 18:34:25 +0000 +++ rules 2015-08-01 18:24:41 +0000 @@ -188,8 +188,8 @@ $(error unknown bootstrap method for architecture $(DEB_HOST_ARCH)) endif -OPENJDK_VERSION = b35 -OPENJDK_SRC_ZIP = openjdk-6-src-$(OPENJDK_VERSION)-14_apr_2015.tar.xz +OPENJDK_VERSION = b36 +OPENJDK_SRC_ZIP = openjdk-6-src-$(OPENJDK_VERSION)-22_jul_2015.tar.xz # the version of the build dependency for non-bootstrap builds; only adjust if # the package is installable on all these architectures. req_openjdk_bd_ver = 6b27