lp://staging/ubuntu/natty-security/openjdk-6

Created by James Westby and last modified
Get this branch:
bzr branch lp://staging/ubuntu/natty-security/openjdk-6
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Status:
Development

Recent revisions

148. By Steve Beattie

* SECURITY UPDATE: Update to IcedTea 6 1.11.4
  - Security fixes:
    - S7162476, CVE-2012-1682: XMLDecoder security issue via
      ClassFinder
    - S7163201, CVE-2012-0547: Simplify toolkit internals references
  - Bug fixes:
    - S7182135: Impossible to use some editors directly
    - S7185678: java/awt/Menu/NullMenuLabelTest/NullMenuLabelTest.java
      failed with NPE

147. By Steve Beattie

* Backport OpenJDK 6b24/IcedTea 1.11.3 to natty.
* debian/patches/java-access-bridge-security.patch: updated
* debian/control.zero-jre: add powerpc arch back, to get empty
  transitional package
* debian/rules: install README.Debian for openjdk-6-jre-zero to create
  empty transitional package and create package
* debian/README.Debian: explain openjdk-6-jre-zero went away
* regenerate debian/control

146. By Steve Beattie

* SECURITY UPDATE: update to IcedTea 6 1.10.6
  - Security fixes:
    - S7082299, CVE-2011-3571: Fix in AtomicReferenceArray
    - S7088367, CVE-2011-3563: Fix issues in java sound
    - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager
      method
    - S7110687, CVE-2012-0503: Issues with TimeZone class
    - S7110700, CVE-2012-0505: Enhance exception throwing mechanism
      in ObjectStreamClass
    - S7110704, CVE-2012-0506: Issues with some method in corba
    - S7112642, CVE-2012-0497: Incorrect checking for graphics
      rendering object
    - S7118283, CVE-2012-0501: Better input parameter checking in
      zip file processing
    - S7126960, CVE-2011-5035: (httpserver) Add property to limit
      number of request headers to the HTTP Server
  - Bug fixes:
    - RH580478: Desktop files should not use hardcoded path
    - S7034464: Support transparent large pages on Linux
    - S7037939: NUMA: Disable adaptive resizing if SHM large pages
      are used
    - S7102369, RH751203: remove java.rmi.server.codebase property
      parsing from registyimpl
    - S7094468, RH751203: rmiregistry clean up
    - S6851973, PR830: ignore incoming channel binding if acceptor
      does not set one
    - S7091528: javadoc attempts to parse .class files
* drop debian/patches/openjdk-7103725-ssl_beast_regression.patch as
  it's included in the upstream release.

145. By Steve Beattie

debian/patches/openjdk-7103725-ssl_beast_regression.patch:
Add regression fix for broken ssl connectivity when using
TLS_DH_anon_WITH_AES_128_CBC_SHA (LP: #891761)

144. By Matthias Klose

* SECURITY UPDATE: IcedTea6 1.10.4 Release:
  - Security fixes:
    - S7000600, CVE-2011-3547: InputStream skip() information leak.
    - S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor.
    - S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow.
    - S7032417, CVE-2011-3552: excessive default UDP socket limit under
      SecurityManager.
    - S7046794, CVE-2011-3553: JAX-WS stack-traces information leak.
    - S7046823, CVE-2011-3544: missing SecurityManager checks in scripting
      engine.
    - S7055902, CVE-2011-3521: IIOP deserialization code execution.
    - S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress
      error checks.
    - S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack
      against SSL/TLS (BEAST).
    - S7070134, CVE-2011-3558: HotSpot crashes with sigsegv from
      PorterStemmer.
    - S7077466, CVE-2011-3556: RMI DGC server remote code execution.
    - S7083012, CVE-2011-3557: RMI registry privileged code execution.
    - S7096936, CVE-2011-3560: missing checkSetFactory calls in
      HttpsURLConnection.

143. By Steve Beattie

* SECURITY UPDATE:
  - S6213702, CVE-2011-0872: (so) non-blocking sockets with TCP urgent
    disabled get still selected for read ops (win)
  - S6618658, CVE-2011-0865: Vulnerability in deserialization
  - S7012520, CVE-2011-0815: Heap overflow vulnerability in
    FileDialog.show()
  - S7013519, CVE-2011-0822, CVE-2011-0862: Integer overflows in 2D code
  - S7013969, CVE-2011-0867: NetworkInterface.toString can reveal
    bindings
  - S7013971, CVE-2011-0869: Vulnerability in SAAJ
  - S7016340, CVE-2011-0870: Vulnerability in SAAJ
  - S7016495, CVE-2011-0868: Crash in Java 2D transforming an image with
    scale close to zero
  - S7020198, CVE-2011-0871: ImageIcon creates Component with null acc
  - S7020373, CVE-2011-0864: JSR rewriting can overflow memory address
    size variables
* debian/generate_debian_orig.sh: adjust settings to match the
  generation of this update.
* debian/patches/nonreparenting-wm.diff: refresh patch due to
  upstream change

142. By Matthias Klose

IcedTea6 1.10.1 release.

141. By Matthias Klose

* Update from the IcedTea6-1.10 release branch (20110325).
* Add multiarch directories to the default library path. LP: #737603.

140. By Matthias Klose

Upload to natty.

139. By Matthias Klose

Disable the jdk tests with the Shark, JamVM and Cacao VMs.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp://staging/ubuntu/oneiric/openjdk-6
This branch contains Public information 
Everyone can see this information.

Subscribers