乐胖代购免代理版

openjdk-11 (11.0.25+9-1) unstable; urgency=high * OpenJDK 11.0.25 release, build 9. - CVE-2024-21208 - CVE-2024-21210 - CVE-2024-21217 - CVE-2024-21235 [ Vladimir Petko ] * d/rules: do not include dtrace support for S390x (JDK-8305174). * d/t/problems.csv: Disable jdk/sun/security/util/Debug/DebugOptions.java due to JDK-8339713. -- Matthias Klose Thu, 17 Oct 2024 10:56:29 +0200 openjdk-11 (11.0.25~5ea-1) unstable; urgency=medium * OpenJDK 11.0.25+5 build (early access). [ Vladimir Petko ] * d/changelog: Remove trailing empty line. * d/copyright-generator/strip-common-licenses.sh: Add GPLv3 to the list of common licenses. * d/JB-*.overrides.in, d/s/lintian-overrides: Update lintian overrides. * d/p/jdk-8334895-proposed.patch: Fix typo in the patch description. * d/copyright: Regenerate. * d/t/problemlist.csv: Update problemlist.csv for July release * d/t/jtreg-autopkgtest.{in,sh}: Increase jtreg test timeouts. * Enable dtrace support. -- Matthias Klose Mon, 09 Sep 2024 16:06:26 +0200 openjdk-11 (11.0.24+8-2) unstable; urgency=medium [ Vladimir Petko ] * d/copyright: Regenerate copyright. * d/rules, d/t/*: Collate all excluded tests into d/problemlist.csv. * d/p/jdk-8336529-proposed.patch: Fix time_t migration issue on armhf openjdk is unable to set file last modified timestamp. * d/p/jdk-8334895-proposed.patch: Refresh patch. * d/rules: Relax jtreg7 version condition for backports. * d/rules, d/control.in: Depend on pkgconf rather than pkg-config in bookworm and later releases. This resolves lintian warning build-depends-on-obsolete-package Build-Depends: pkg-config => pkgconf. * d/rules: Drop autotools-dev dependency for the modern debhelper. This resolves obsolete autotools-dev dependency lintian warning. See #844191. -- Matthias Klose Tue, 30 Jul 2024 08:49:56 +0200 openjdk-11 (11.0.24+8-1) unstable; urgency=medium * OpenJDK 11.0.24 release, build 8. - CVEs: + CVE-2024-21147 + CVE-2024-21145 + CVE-2024-21140 + CVE-2024-21144 + CVE-2024-21131 + CVE-2024-21138 - Security Fixes: + JDK-8281658: New security category for -XshowSettings launcher option. + JDK-8316138: Added GlobalSign R46 and E46 root CA certificates. + JDK-8256660: Disabled DTLS 1.0. + JDK-8326891: Native executables and libraries on Linux use RPATH instead of RUNPATH. -- Matthias Klose Wed, 17 Jul 2024 13:18:57 +0200 openjdk-11 (11.0.24~7ea-1) unstable; urgency=medium * OpenJDK 11.0.24+7 build (early access). [ Vladimir Petko ] * d/p/*: Refresh patches. * d/rules, d/control: Use jtreg7, enable jtreg. * d/JB-demo.overrides.in: Add jar-contains-source override for SwingSet demo jar. * d/rules, d/copyright-generator/copyright-gen.py, d/copyright: Exclude test/jdk/sun/management/windows/revokeall.exe from orig tarball, format d/copyright-generator/copyright-gen.py. * d/p/8307977-proposed.diff: Rename to jdk-8307977-proposed.patch. * d/p/jdk-8334502.patch: Fix iso8601_utctime armhf function. * d/p/jtreg-location.diff: Drop patch as it is no longer needed for jtreg7. * d/rules: Include buildflags.mk to avoid errors due to undefined variables. [ Matthias Klose ] * Remove references to obsolete patches. Closes: #1067613. -- Matthias Klose Sat, 29 Jun 2024 10:11:23 +0200 openjdk-11 (11.0.23+9-1) unstable; urgency=high * OpenJDK 11.0.23 release, build 9. - CVE-2024-21011, 8319851: Improve exception logging. - CVE-2024-21068, 8322122: Enhance generation of addresses. - 8318340: Improve RSA key implementations. - CVE-2024-21012, 8315708: Enhance HTTP/2 client usage. - CVE-2024-21094, 8317507: Already fixed in November 2023: C2 compilation fails with "Exceeded _node_regs array". - CVE-2024-21085, 8322114: Improve Pack 200 handling. [ Pushkar Kulkarni ] * Use 64-bit clock_* function on archs like armhf. -- Matthias Klose Wed, 17 Apr 2024 15:39:11 +0200 openjdk-11 (11.0.23~7ea-1) unstable; urgency=medium * OpenJDK 11.0.23+7 build (early access). [ Matthias Klose ] * Update cups dependencies for time_t64. [ Pushkar Kulkarni ] * copyright-generator: Derive release from debian/rules. -- Matthias Klose Thu, 21 Mar 2024 01:56:26 +0100 openjdk-11 (11.0.22+7-3) unstable; urgency=medium * libcups2, libfontconfig1: Make it a recommends in jre-headless, a dependency in jre. * Make the dependencies for libfontmanager.so and libjsound.so recommendations in jre-headless, and dependencies in jre. * Drop build dependencies on libgtk2 | libgtk3. * Disable running the tests for the time_t64 bootstrap. -- Matthias Klose Mon, 11 Mar 2024 16:32:39 +0100 openjdk-11 (11.0.22+7-2) unstable; urgency=medium [ Matthias Klose ] * Add zero support for loong64 (Leslie Zhai). Closes: #1060821. * d/changelog: Whitespace cleanup. * Update build dependency on libfontconfig-dev. * Apply proposed patch for JDK-8307977. Closes: #1034600. [ Vladimir Petko ] * d/t/jtreg-autopkgtest.*: Set jtreg home property correctly. -- Matthias Klose Fri, 26 Jan 2024 21:04:10 +0100 openjdk-11 (11.0.22+7-1) unstable; urgency=high * OpenJDK 11.0.22 release, build 7. - CVEs: + CVE-2024-20918 + CVE-2024-20919 + CVE-2024-20921 + CVE-2024-20945 + CVE-2024-20952 - Security fixes: + JDK-8308204: Enhanced certificate processing. + JDK-8314295: Enhance verification of verifier. + JDK-8314307: Improve loop handling. + JDK-8314468: Improve Compiler loops. + JDK-8316976: Improve signature handling. + JDK-8317547: Enhance TLS connection support. + JDK-8314284: Enhance Nashorn performance (CVE-2024-20926). [ Vladimir Petko ] * Generate d/watch to cope with early access and release builds. * d/rules: Trim trailing whitespaces from debian/control. [ Pushkar Kulkarni ] * Minor improvements to the copyright-generator. -- Matthias Klose Wed, 17 Jan 2024 16:28:29 +0100 openjdk-11 (11.0.22~6ea-1) unstable; urgency=medium * OpenJDK 11.0.22+6 build (early access). [ Pushkar Kulkarni ] * debian/copyright: Update copyrights and notices, using a generator script. [ Vladimir Petko ] * d/copyright: Fix lintian warning. [ Matthias Klose ] * d/copyright: Fix source location. -- Matthias Klose Tue, 26 Dec 2023 13:23:50 +0100 openjdk-11 (11.0.21+9-1) unstable; urgency=high * OpenJDK 11.0.21 release, build 9. - CVE-2023-22081. - Release notes: https://www.oracle.com/java/technologies/javase/11-0-21-relnotes.html#R11_0_21 [ Vladimir Petko ] * d/test: update problemlist. * d/p: drop exclude-broken-tests.patch. * d/p/reproducible-properties-timestamp.diff: use the privileged action to read the system property (JDK-8272157, 914278). [ Matthias Klose ] * Build using GCC 13 on development versions. [ Pushkar Kulkarni ] * Handle limited ECC capabilities of NSS on older releases. -- Matthias Klose Wed, 18 Oct 2023 09:28:04 +0200 openjdk-11 (11.0.21~4ea-1) unstable; urgency=medium * OpenJDK 11.0.21 release, build 4 (early access). [ Vladimir Petko ] * d/copyright: remove liblcms from excluded files. * Refresh patch for 11.0.21+2 ea. * d/t/jtreg-autopkgtest.{sh,in}: JDK-8232153 - set NSS_DEFAULT_DB_TYPE to let sun/security/pkcs11/Secmod/AddTrustedCert.java pass. [ Matthias Klose ] * Explicitly configure --without-jtreg with the nocheck profile -- Matthias Klose Thu, 24 Aug 2023 12:53:49 +0200 openjdk-11 (11.0.20+8-1) unstable; urgency=high * OpenJDK 11.0.20 release, build 8. - CVE-2023-22041, CVE-2023-25193, CVE-2023-22045, CVE-2023-22049, CVE-2023-22036, CVE-2023-22006. - Release notes: https://www.oracle.com/java/technologies/javase/11-0-20-relnotes.html#R11_0_20 * Link with --no-as-needed. Closes: #1031521. * Refresh patches. -- Matthias Klose Wed, 19 Jul 2023 08:40:22 +0200 openjdk-11 (11.0.20~7-1) unstable; urgency=medium * OpenJDK 11.0.20+7 build (early access). [ Vladimir Petko ] * debian/copyright: convert to a machine-readable format. * debian/copyright: align excludes statement with openjdk-17. * Provide versioned java-runtime, java-runtime-headless, java-sdk and java-sdk-headless virtual packages (Emmanuel Bourg). * Configure --with-stdc++lib=static on ia64. * Bump standards version. -- Matthias Klose Sat, 01 Jul 2023 09:11:49 +0200 openjdk-11 (11.0.19+7-1) unstable; urgency=high * OpenJDK 11.0.19 release, build 7. - CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968. - Release notes: https://mail.openjdk.org/pipermail/jdk-updates-dev/2023-April/021900.html - d/p/*: refresh patches. [ Vladimir Petko ] * debian/JB-jre-headless.postinst.in: trigger ca-certificates-java after jre is set up. * d/p: drop obsolete patches (LP: #2011653). - workaround_expand_exec_shield_cs_limit.diff: obsoleted by hotspot-disable-exec-shield-workaround.diff. - generated-headers.patch: include is already added by openjdk makefile. - parallel-build-fix.diff: include is not necessary. * d/copyright, d/watch: implement uscan repackaging (LP: #2011749). * d/rules: use --with-debug-symbols=none (LP: #2003820). * d/control: add jtreg6 dependencies, regenerate control. * d/t/{jdk,hotspot,jaxp,langtools}: run tier1 and tier2 jtreg tests only, add test options from OpenJDK makefile. * d/t/*: fix test environment: add missing -nativepath (LP: #2001563). * d/t/jdk: provide dbus session for the window manager (LP: #2001576). * d/p/*: add patches for jtreg tests: - disable-thumb-assertion.patch: fix JDK-8305481. - update-assertion-for-armhf.patch: fix JDK-8305480. - log-generated-classes-test.patch: workaround JDK-8166162. - update-permission-test.patch: add security permissions for testng 7. - ldap-timeout-test-use-ip.patch, test-use-ip-address.patch: Ubuntu-specific patches to workaround missing DNS resolver on the build machines. - exclude_broken_tests.patch: quarantine failing tests. * d/rules: package external debug symbols (LP: #2015835). * drop d/p/{jaw-classpath.diff, jaw-optional.diff}: the atk wrapper is disabled and these patches cause class data sharing tests to fail (LP: #2016194). * d/p/exclude-broken-tests.patch: add OpenJDK 11 failures. * d/t/jtreg-autopkgtest.in: pass JTREG home to locate junit.jar, regenerate d/t/jtreg-autopkgtest.sh (LP: #2016206). * d/t/control.in: disable jtreg autopkgtests in line with openjdk 17, regenerate control (LP: #2016438). * d/rules: pack external debug symbols with build-id, do not pack duplicate symbols, do not strip JVM shared libraries (LP: #2012326, LP: #2016739). * d/rules: always use jtreg6. [ Matthias Klose ] * d/rules: Fix using CC/CXX for recent releases. -- Matthias Klose Sun, 11 Jun 2023 12:55:28 +0200 openjdk-11 (11.0.18+10-1) unstable; urgency=high * OpenJDK 11.0.18+10 build (release). - CVE-2023-21835, CVE-2023-21843 - Release notes: https://www.oracle.com/java/technologies/javase/11-0-18-relnotes.html [ Matthias Klose ] * Handle jtreg package name for backports. [ Vladimir Petko ] * debian/patches/*: Refreshed patches for the new release and dropped unused patches. * debian/watch: use jdk11u repository as upstream. * debian/rules: add lunar to jtreg version selection. -- Matthias Klose Thu, 26 Jan 2023 10:46:52 +0100 openjdk-11 (11.0.17+8-2) unstable; urgency=medium * Bump build dependencies on jtreg. -- Matthias Klose Wed, 19 Oct 2022 16:06:55 +0200 openjdk-11 (11.0.17+8-1) unstable; urgency=high * OpenJDK 11.0.17+8 build (release). * Security fixes - JDK-8289366: Improve HTTP/2 client usage. - JDK-8288508: Enhance ECDSA usage. - JDK-8286918: Better HttpServer service. - JDK-8287446: Enhance icon presentations. - JDK-8286910: Improve JNDI lookups. - JDK-8286511: Improve macro allocation. - JDK-8286526: Improve NTLM support. - JDK-8286533: Key X509 usages. - JDK-8286077: Wider MultiByte conversions. - JDK-8286519: Better memory handling. - JDK-8285662: Better permission resolution. - JDK-8282252: Improve BigInteger/Decimal validation. * Build using GCC 12 in recent development distros. * Don't install the security/blacklisted.certs symlink anymore. Closes: #1021866. -- Matthias Klose Wed, 19 Oct 2022 06:48:12 +0200 openjdk-11 (11.0.16+8-1) unstable; urgency=high * OpenJDK 11.0.16+8 build (release). * Security fixes - JDK-8277608: Address IP Addressing. - JDK-8272243: Improve DER parsing. - JDK-8272249: Better properties of loaded Properties. - JDK-8281859, CVE-2022-21540: Improve class compilation. - JDK-8281866, CVE-2022-21541: Enhance MethodHandle invocations. - JDK-8283190: Improve MIDI processing. - JDK-8284370: Improve zlib usage. - JDK-8285407, CVE-2022-34169: Improve Xalan supports. -- Matthias Klose Wed, 20 Jul 2022 10:54:16 +0200 openjdk-11 (11.0.15+10-1) unstable; urgency=high * OpenJDK 11.0.15+10 build (release). * Security fixes - JDK-8269938: Enhance XML processing passes redux. - JDK-8270504, CVE-2022-21426: Better XPath expression handling. - JDK-8272255: Completely handle MIDI files. - JDK-8272261: Improve JFR recording file processing. - JDK-8272594: Better record of recordings. - JDK-8274221: More definite BER encodings. - JDK-8275082, JDK-8278008, CVE-2022-21476: Update XML Security for Java to 2.3.0. - JDK-8275151, CVE-2022-21443: Improved Object Identification. - JDK-8277227: Better identification of OIDs. - JDK-8277672, CVE-2022-21434: Better invocation handler handling. - JDK-8278356: Improve file creation. - JDK-8278449: Improve keychain support. - JDK-8278798: Improve supported intrinsic. - JDK-8278805: Enhance BMP image loading. - JDK-8278972, CVE-2022-21496: Improve URL supports. - JDK-8281388: Change wrapping of EncryptedPrivateKeyInfo. * Refresh patches. -- Matthias Klose Mon, 02 May 2022 19:42:14 +0200 openjdk-11 (11.0.14.1+1-1) unstable; urgency=medium * OpenJDK 11.0.14.1+1 build (release). - Fix JDK-8218546. LP: #1966338. -- Matthias Klose Sun, 27 Mar 2022 11:16:07 +0200 openjdk-11 (11.0.14+9-1) unstable; urgency=high * OpenJDK 11.0.14+9 build (release). * Security fixes - JDK-8217375: jarsigner breaks old signature with long lines in manifest. - JDK-8251329: (zipfs) Files.walkFileTree walks infinitely if zip has dir named "." inside. - JDK-8264934, CVE-2022-21248: Enhance cross VM serialization. - JDK-8268488: More valuable DerValues. - JDK-8268494: Better inlining of inlined interfaces. - JDK-8268512: More content for ContentInfo. - JDK-8268795: Enhance digests of Jar files. - JDK-8268801: Improve PKCS attribute handling. - JDK-8268813, CVE-2022-21283: Better String matching. - JDK-8269151: Better construction of EncryptedPrivateKeyInfo. - JDK-8269944: Better HTTP transport redux. - JDK-8270386, CVE-2022-21291: Better verification of scan methods. - JDK-8270392, CVE-2022-21293: Improve String constructions. - JDK-8270416, CVE-2022-21294: Enhance construction of Identity maps. - JDK-8270492, CVE-2022-21282: Better resolution of URIs. - JDK-8270498, CVE-2022-21296: Improve SAX Parser configuration management. - JDK-8270646, CVE-2022-21299: Improved scanning of XML entities. - JDK-8270952, CVE-2022-21277: Improve TIFF file handling. - JDK-8271962: Better TrueType font loading. - JDK-8271968: Better canonical naming. - JDK-8271987: Manifest improved manifest entries. - JDK-8272014, CVE-2022-21305: Better array indexing. - JDK-8272026, CVE-2022-21340: Verify Jar Verification. - JDK-8272236, CVE-2022-21341: Improve serial forms for transport. - JDK-8272272: Enhance jcmd communication. - JDK-8272462: Enhance image handling. - JDK-8273290: Enhance sound handling. - JDK-8273756, CVE-2022-21360: Enhance BMP image support. - JDK-8273838, CVE-2022-21365: Enhanced BMP processing. - JDK-8274096, CVE-2022-21366: Improve decoding of image files. - JDK-8279541: Improve HarfBuzz. -- Matthias Klose Wed, 19 Jan 2022 11:05:38 +0100 openjdk-11 (11.0.13+8-1) unstable; urgency=medium * OpenJDK 11.0.13+8 build (release). * Security fixes - JDK-8163326, CVE-2021-35550: Update the default enabled cipher suites preference - JDK-8254967, CVE-2021-35565: com.sun.net.HttpsServer spins on TLS session close - JDK-8263314: Enhance XML Dsig modes - JDK-8265167, CVE-2021-35556: Richer Text Editors - JDK-8265574: Improve handling of sheets - JDK-8265580, CVE-2021-35559: Enhanced style for RTF kit - JDK-8265776: Improve Stream handling for SSL - JDK-8266097, CVE-2021-35561: Better hashing support - JDK-8266103: Better specified spec values - JDK-8266109: More Resilient Classloading - JDK-8266115: More Manifest Jar Loading - JDK-8266137, CVE-2021-35564: Improve Keystore integrity - JDK-8266689, CVE-2021-35567: More Constrained Delegation - JDK-8267086: ArrayIndexOutOfBoundsException in java.security.KeyFactory.generatePublic - JDK-8267712: Better LDAP reference processing - JDK-8267729, CVE-2021-35578: Improve TLS client handshaking - JDK-8267735, CVE-2021-35586: Better BMP support - JDK-8268193: Improve requests of certificates - JDK-8268199: Correct certificate requests - JDK-8268205: Enhance DTLS client handshake - JDK-8268506: More Manifest Digests - JDK-8269618, CVE-2021-35603: Better session identification - JDK-8269624: Enhance method selection support - JDK-8270398: Enhance canonicalization - JDK-8270404: Better canonicalization * Remove patches applied upstream. -- Matthias Klose Wed, 20 Oct 2021 11:01:48 +0200 openjdk-11 (11.0.12+7-2) unstable; urgency=high * OpenJDK 11.0.12+7 build (release). * Security fixes: - JDK-8256157: Improve bytecode assembly. - JDK-8256491: Better HTTP transport. - JDK-8258432, CVE-2021-2341: Improve file transfers. - JDK-8260453: Improve Font Bounding. - JDK-8260960: Signs of jarsigner signing. - JDK-8260967, CVE-2021-2369: Better jar file validation. - JDK-8262380: Enhance XML processing passes. - JDK-8262403: Enhanced data transfer. - JDK-8262410: Enhanced rules for zones. - JDK-8262477: Enhance String Conclusions. - JDK-8262967: Improve Zip file support. - JDK-8264066, CVE-2021-2388: Enhance compiler validation. - JDK-8264079: Improve abstractions. - JDK-8264460: Improve NTLM support. * Encode the early-access status into the package version. LP: #1934895. -- Matthias Klose Wed, 21 Jul 2021 09:03:54 +0200 openjdk-11 (11.0.12+6-1) unstable; urgency=medium * OpenJDK 11.0.12+6 build (early access). -- Matthias Klose Wed, 07 Jul 2021 12:00:44 +0200 openjdk-11 (11.0.12+4-1) unstable; urgency=medium * OpenJDK 11.0.12+4 build (early access). * Don't apply the m68k-support patch, needs an update. -- Matthias Klose Thu, 27 May 2021 11:37:31 +0200 openjdk-11 (11.0.11+9-1) unstable; urgency=high * OpenJDK 11.0.11+9 build (release). * Security fixes: - JDK-8244473: Contextualize registration for JNDI. - JDK-8244543: Enhanced handling of abstract classes. - JDK-8259633: compiler/graalunit/CoreTest.java fails with NPE after JDK-8244543. - JDK-8250568: Less ambiguous processing (CVE-2021-2161). - JDK-8253799: Make lists of normal filenames. - JDK-8261183: Follow on to Make lists of normal filenames. - JDK-8249906: Enhance opening JARs (CVE-2021-2163). - JDK-8258247: Couple of issues in fix for JDK-8249906. - JDK-8259428: AlgorithmId.getEncodedParams() should return copy. - JDK-8257001: Improve HTTP client support. -- Matthias Klose Tue, 20 Apr 2021 20:21:22 +0200 openjdk-11 (11.0.11+8-1) unstable; urgency=medium * OpenJDK 11.0.11+8 build (early access). * Set DEB_BUILD_MAINT_OPTIONS = optimize=-lto, not yet ready. Looks like 16 and 17 are buildable with lto. * Remove dangling jfr alternative on upgrades if no jdk is installed (Andreas Beckmann). Closes: #985060. * Use mktemp instead of tempfile in maintainer scripts (Andreas Beckmann). * Backport fix for JDK-8262085, hovering Metal HTML Tooltips in different windows cause IllegalArgExc on Linux. Closes: #967049. -- Matthias Klose Thu, 01 Apr 2021 12:24:55 +0200 openjdk-11 (11.0.11+7-1) unstable; urgency=medium * OpenJDK 11.0.11+7 build (early access). * Simplify compiler selection for backports. * Don't use the triplet-prefixed binutils tools for backports. -- Matthias Klose Thu, 18 Mar 2021 09:49:54 +0100 openjdk-11 (11.0.11+4-1) unstable; urgency=medium * OpenJDK 11.0.11+4 build (early access). * reproducible-build-jmod.diff: Fall back to the unpatched behavior for backports. * Only build with system harfbuzz for recent releases. * Configure --with-copyright-year. Closes: #956154. -- Matthias Klose Thu, 25 Feb 2021 11:54:00 +0100 openjdk-11 (11.0.11+3-3) experimental; urgency=medium * Fix the build logic, jaotc and jhsdb tools not available on all archs. * Ship the jfc files used by jfr. * Move libawt_xawt.so, libjawt.so into the jre package. Closes: #908058. -- Matthias Klose Sat, 20 Feb 2021 09:12:35 +0100 openjdk-11 (11.0.11+3-2) experimental; urgency=medium * OpenJDK 11.0.11+3 build (early access). * Use debugedit to generate unique build-id's and remove the openjdk-N-dbg file conflicts. Closes: #919671. * Remove KFreeBSD build support and patches, not updated since OpenJDK 8. * Backport JDK-8222825. Closes: #960153. * Build with Rules-Requires-Root: no. * Move the jfr binary from -jre-headless to -jdk-headless. Development tool. -- Matthias Klose Fri, 19 Feb 2021 13:54:09 +0100 openjdk-11 (11.0.10+9-1) unstable; urgency=high * OpenJDK 11.0.10+9 build (release). * Security fixes: - JDK-8247619: Improve Direct Buffering of Characters. * Other changes: See https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2021-January/004689.html * Update copyright years. -- Matthias Klose Wed, 20 Jan 2021 10:42:16 +0100 openjdk-11 (11.0.10+8-1) unstable; urgency=medium * OpenJDK 11.0.10+8 build (early access). * Build with system harfbuzz. * Refresh patches. * Don't run the autopkg tests. There's no value running all the internal tests as an autopkg test, when these are already run during the build. * Update VCS attributes. * Bump standards version. -- Matthias Klose Wed, 30 Dec 2020 13:50:32 +0100 openjdk-11 (11.0.9.1+1-1) unstable; urgency=medium * OpenJDK 11.0.9.1+1 build (release). * Configure --with-jvm-features=shenandoahgc for hotspot builds. LP: #1902029. -- Matthias Klose Thu, 05 Nov 2020 14:32:42 +0100 openjdk-11 (11.0.9+11-1) unstable; urgency=medium * OpenJDK 11.0.9+11 build (release). * Security fixes: - JDK-8233624: Enhance JNI linkage - JDK-8236196: Improve string pooling - JDK-8236862, CVE-2020-14779: Enhance support of Proxy class - JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts - JDK-8237995, CVE-2020-14782: Enhance certificate processing - JDK-8240124: Better VM Interning - JDK-8241114, CVE-2020-14792: Better range handling - JDK-8242680, CVE-2020-14796: Improved URI Support - JDK-8242685, CVE-2020-14797: Better Path Validation - JDK-8242695, CVE-2020-14798: Enhanced buffer support - JDK-8243302: Advanced class supports - JDK-8244136, CVE-2020-14803: Improved Buffer supports - JDK-8244479: Further constrain certificates - JDK-8244955: Additional Fix for JDK-8240124 - JDK-8245407: Enhance zoning of times - JDK-8245412: Better class definitions - JDK-8245417: Improve certificate chain handling - JDK-8248574: Improve jpeg processing - JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit - JDK-8253019: Enhanced JPEG decoding [ Tiago Stürmer Daitx ] * debian/rules: - copy apport hook to source_$(PKGSOURCE).py, fixes apport on Ubuntu where source name is openjdk-lts instead of openjdk-11. * Refresh patches. [ Matthias Klose ] * Don't run the jdk tests as an autopkg test, taking too long. * Call strip-nondeterminism before computing jmod hashes (Julian Gilbey). Closes: #944738. * Build with GCC 10 in current development versions. Closes: #972288. -- Matthias Klose Wed, 21 Oct 2020 19:38:16 +0200 openjdk-11 (11.0.8+10-1) unstable; urgency=high * OpenJDK 11.0.8+10 build (release). * Security fixes: - JDK-8233239, CVE-2020-14562: Enhance TIFF support - JDK-8236867, CVE-2020-14573: Enhance Graal interface handling - JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior - JDK-8237592, CVE-2020-14577: Enhance certificate verification - JDK-8238002, CVE-2020-14581: Better matrix operations - JDK-8238920, CVE-2020-14583: Better Buffer support - JDK-8240119, CVE-2020-14593: Less Affine Transformations - JDK-8242136, CVE-2020-14621: Better XML namespace handling - JDK-8230613: Better ASCII conversions - JDK-8231800: Better listing of arrays - JDK-8232014: Expand DTD support - JDK-8233234: Better Zip Naming - JDK-8233255: Better Swing Buttons - JDK-8234032: Improve basic calendar services - JDK-8234042: Better factory production of certificates - JDK-8234418: Better parsing with CertificateFactory - JDK-8234836: Improve serialization handling - JDK-8236191: Enhance OID processing - JDK-8238013: Enhance String writing - JDK-8238804: Enhance key handling process - JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable - JDK-8238843: Enhanced font handing - JDK-8238925: Enhance WAV file playback - JDK-8240482: Improved WAV file playback - JDK-8241379: Update JCEKS support - JDK-8241522: Manifest improved jar headers redux [ Tiago Stürmer Daitx ] * d/p/default-jvm-cfg.diff: updated patch. * d/p/8214571.diff, d/p/8228407.diff: applied by upstream, removed patches. [ Matthias Klose ] * Don't try to run autopkg tests on armel, mipsel, mips64el. * debian/copyright (remove licenses not found anymore in the sources): - Little CMS, libpng, GIFLIB. * Prepare to Build using GCC 10. -- Matthias Klose Wed, 22 Jul 2020 14:26:43 +0200 openjdk-11 (11.0.7+10-3) unstable; urgency=high * Backport the fix for JDK-8214571, -Xdoclint of array serialField gives "error: array type not allowed here". Introduced with 11.0.7. * Enable running the testsuite on release architectures. -- Matthias Klose Thu, 16 Apr 2020 14:40:58 +0200 openjdk-11 (11.0.7+10-2) unstable; urgency=high * Backport the fix for 8228407, JVM crashes with shared archive file mismatch. * Enable again bootcycle build for all hotspot architectures. * Build again with -march=zEC12 on Ubuntu/s390x. -- Matthias Klose Wed, 15 Apr 2020 16:03:23 +0200 openjdk-11 (11.0.7+10-1) unstable; urgency=high * OpenJDK 11.0.7+10 build (release). * Security fixes - JDK-8223898, CVE-2020-2754: Forward references to Nashorn - JDK-8223904, CVE-2020-2755: Improve Nashorn matching - JDK-8224541, CVE-2020-2756: Better mapping of serial ENUMs - JDK-8224549, CVE-2020-2757: Less Blocking Array Queues - JDK-8225603: Enhancement for big integers - JDK-8226346: Build better binary builders - JDK-8227467: Better class method invocations - JDK-8227542: Manifest improved jar headers - JDK-8229733: TLS message handling improvements - JDK-8231415, CVE-2020-2773: Better signatures in XML - JDK-8231785: Improved socket permissions - JDK-8232424, CVE-2020-2778: More constrained algorithms - JDK-8232581, CVE-2020-2767: Improve TLS verification - JDK-8233250: Better X11 rendering - JDK-8233410: Better Build Scripting - JDK-8234027: Better JCEKS key support - JDK-8234408, CVE-2020-2781: Improve TLS session handling - JDK-8234825, CVE-2020-2800: Better Headings for HTTP Servers - JDK-8234841, CVE-2020-2803: Enhance buffering of byte buffers - JDK-8235274, CVE-2020-2805: Enhance typing of methods - JDK-8235691, CVE-2020-2816: Enhance TLS connectivity - JDK-8236201, CVE-2020-2830: Better Scanner conversions - JDK-8238960: linux-i586 builds are inconsistent as the newly build jdk is not able to reserve enough space for object heap [ Matthias Klose ] * Refresh patches. * Configure --with-jtreg=/usr/share/jtreg. * Enable the buildwatch script on sh4 (Adrian Glaubitz). Closes: #956728. * Build with -march=z13 -mtune=z15 on Ubuntu/s390x. -- Matthias Klose Wed, 15 Apr 2020 11:11:42 +0200 openjdk-11 (11.0.7+9-1) unstable; urgency=medium * OpenJDK 11.0.7+9 build (early access). * Make autopkgtests cross-test-friendly (Steve Langasek). LP: #1861467. * d/tests/jtreg-autopkgtest.in: keep generated hs_err log files with test artifacts to improve later debug (Tiago Stürmer Daitx). * d/tests/jtdiff-autopkgtest.in: set default vm to correctly locate (Tiago Stürmer Daitx) * jhsdb isn't built on sh4 (Adrian Glaubitz). Closes: #951774. -- Matthias Klose Thu, 26 Mar 2020 08:33:35 +0100 openjdk-11 (11.0.6+10-2) unstable; urgency=medium * Fix FTCBFS (Helmut Grohne). Addresses: #949460. - Missing Build-Depends: zlib1g-dev:native. - Use triplet-prefixed objcopy and strip. * Bump standards version. -- Matthias Klose Wed, 12 Feb 2020 08:40:22 +0100 openjdk-11 (11.0.6+10-1) unstable; urgency=high * OpenJDK 11.0.6+10 build (release). - S8220598: Malformed copyright year range in a few files in java.base. - S8224909, CVE-2020-2583: Unlink Set of LinkedHashSets. - S8225261: Better method resolutions. - S8225279: Better XRender interpolation. - S8226352, CVE-2020-2590: Improve Kerberos interop capabilities. - S8227758: More valid PKIX processing. - S8227816: More Colorful ICC profiles. - S8228548, CVE-2020-2593: Normalize normalization for all. - S8229728: Implement negotiation parameters. - S8229951, CVE-2020-2601: Better Ticket Granting Services. - S8230279: Improve Pack200 file reading. - S8230318: Better trust store usage. - S8230967: Improve Registry support of clients. - S8231139: Improved keystore support. - S8231422, CVE-2020-2604: Better serial filter handling. - S8231780, CVE-2020-2655: Better TLS messaging support. - S8231790: Provide better FileSystemProviders. - S8232419: Improve Registry registration. - S8234037, CVE-2020-2654: Improve Object Identifier Processing. * Disable zero on sparc64 (Adrian Glaubitz). Closes: #942030. * Make the generated character data source files reproducible (Emmanuel Bourg). Closes: #933339. * Make the generated module-info.java files reproducible (Emmanuel Bourg). Closes: #933342. * Make the generated copyright headers reproducible (Emmanuel Bourg). Closes: #933349. * Make the build user reproducible (Emmanuel Bourg). Closes: #933373. -- Matthias Klose Wed, 15 Jan 2020 01:09:36 +0100 openjdk-11 (11.0.6+7-1) unstable; urgency=medium * OpenJDK 11.0.6+7 build (early access). -- Matthias Klose Fri, 13 Dec 2019 14:52:21 +0100 openjdk-11 (11.0.5+10-2) unstable; urgency=medium * Fix the jtreg consistency check when building without jtreg. * Don't call dh_strip_nondeterminism when building for older releases. * Fix disabling the zero build on arm64 on trusty. -- Matthias Klose Thu, 17 Oct 2019 22:04:30 +0200 openjdk-11 (11.0.5+10-1) unstable; urgency=high * OpenJDK 11.0.5+10 build (release). - S8209901: Canonical file handling. - S8213429, CVE-2019-2933: Windows file handling redux. - S8218573, CVE-2019-2945: Better socket support. - S8218877: Help transform transformers. - S8219914: Change the environment variable for Java Access Bridge logging to have a directory. - S8220186: Improve use of font temporary files. - S8220302, CVE-2019-2949: Better Kerberos ccache handling. - S8221497: Optional Panes in Swing. - S8221858, CVE-2019-2958: Build Better Processes. - S8222684, CVE-2019-2964: Better support for patterns. - S8222690, CVE-2019-2962: Better Glyph Images. - S8223163: Better pattern recognition. - S8223505, CVE-2019-2973: Better pattern compilation. - S8223518, CVE-2019-2975: Unexpected exception in jjs. - S8223886: Add in font table referene. - S8223892, CVE-2019-2978: Improved handling of jar files. - S8224025: Fix for JDK-8220302 is not complete. - S8224062, CVE-2019-2977: Improve String index handling. - S8224532, CVE-2019-2981: Better Path supports. - S8224915, CVE-2019-2983: Better serial attributes. - S8225286, CVE-2019-2987: Better rendering of native glyphs. - S8225292, CVE-2019-2988: Better Graphics2D drawing. - S8225298, CVE-2019-2989: Improve TLS connection support. - S8225597, CVE-2019-2992: Enhance font glyph mapping. - S8226765, CVE-2019-2999: Commentary on Javadoc comments. - S8227601: Better collection of references. - S8228825, CVE-2019-2894: Enhance ECDSA operations. -- Matthias Klose Wed, 16 Oct 2019 10:41:31 +0200 openjdk-11 (11.0.5+9-1) unstable; urgency=medium * OpenJDK 11.0.5+9 build (early access). * Bump standards version. * Use dh_strip_nondeterminism (Emmanuel Bourg). Closes: #933389. * Fix 8230708, server build on sparc64 (Adrian Glaubitz). Closes: #939565. * Fix FTBFS with DEB_BUILD_PROFILES=nocheck (Helmut Grohne). Closes: #939521. * Add more breaks to the openjdk-11-jre-headless package. Closes: #935624. * Fix debug and src symlinks. Closes: #893134, #910694, #910696. -- Matthias Klose Mon, 07 Oct 2019 11:00:49 +0200 openjdk-11 (11.0.5+6-2) unstable; urgency=medium * Fix 8230708, build failure on sparc64 (Adrian Glaubitz). * Disable the zero build on armhf. -- Matthias Klose Fri, 06 Sep 2019 17:54:18 +0200 openjdk-11 (11.0.5+6-1) unstable; urgency=medium * OpenJDK 11.0.5+6 build (early access). [ Matthias Klose ] * Tighten dependency on jtreg. * Build using GCC 9 on recent development releases. * Refresh patches. [ Tiago Stürmer Daitx ] * Properly generate Breaks: rules for bionic (fix typo). * Remove libgtk-3-dev from build-deps: libgtk-3-dev is not actually required, package builds fine without it; libgtk2.0-0 or libgtk-3-0 should be explicitly declared instead in bdeps and tests; libxrandr-dev should be explicitly added as it is required and was being included due to libgtk-3-dev dependency. * Set minimum dependency on jtreg based on testsuite requirements. * Fail during pre-build if installed jtreg version is lower then the minimum required version. * Improve and fix build tests and autopkgtests: - Depend on default-jre-headless so jtreg will use the JRE from /usr/default-java; remove JT_JAVA exports as it no longer needs to be set. - Update debian/tests/hotspot,jdk,langtools to ignore jtreg-autopkgtest.sh return code. - Create debian/tests/jtdiff-autopkgtest.in as it depends on debian/rules variables. - debian/tests/jtreg-autopkgtest.sh: + Enable retry of failed tests to trim out flaky tests. + Fix unbound variable. + Keep .jtr files from failed tests only. - debian/tests/jtdiff-autopkgtest.sh: + Fail only if an actual regression is detected. + Add the super-diff comparison from jtdiff. - debian/rules: + Preserve all JTreport directories in the test output directory. + Use JDK_DIR instead of JDK_TO_TEST for autopkgtest generation. + Package all .jtr files from JTwork as jtreg-autopkgtest.sh makes sure it contains only failing tests. -- Matthias Klose Wed, 04 Sep 2019 16:48:18 +0200 openjdk-11 (11.0.4+11-1) unstable; urgency=high * OpenJDK 11.0.4+11 build (release). - S8212328, CVE-2019-2762: Exceptional throw cases. - S8213431, CVE-2019-2766: Improve file protocol handling. - S8213432, CVE-2019-2769: Better copies of CopiesList. - S8216381, CVE-2019-2786: More limited privilege usage. - S8217563: Improve realm maintenance. - S8218863: Better endpoint checks. - S8218873: Improve JSSE endpoint checking. - S8218876, CVE-2019-7317: Improve PNG support options. - S8219775: Certificate validation improvements. - S8220517: Enhanced GIF support. - S8221345, CVE-2019-2818: Better Poly1305 support. - S8221518, CVE-2019-2816: Normalize normalization. - S8222678, CVE-2019-2821: Improve TLS negotiation. * Fix more build issues for Ubuntu precise builds. * Bump standards version. -- Matthias Klose Wed, 17 Jul 2019 02:28:36 +0200 openjdk-11 (11.0.4+10-1) unstable; urgency=medium * OpenJDK 11.0.4+10 build (early access). * Add riscv64 support for zero (Ed Nevill). * Fix build dependencies for Ubuntu precise builds. * Fix dependency generation on the libjpeg runtime. Closes: #927965. * Drop dependency on transitional libgl1-mesa-glx package. Closes: #930611. -- Matthias Klose Tue, 02 Jul 2019 14:39:16 +0200 openjdk-11 (11.0.4+9-1) unstable; urgency=medium * OpenJDK 11.0.4+9 build (early access). * Add another break for libequinox-osgi-java (<< 3.9.1). Closes: #931115. -- Matthias Klose Wed, 26 Jun 2019 13:51:07 +0200 openjdk-11 (11.0.4+8-1) unstable; urgency=medium * OpenJDK 11.0.4+8 build (early access). * Apply patch for JDK-8225716. -- Matthias Klose Sat, 22 Jun 2019 17:58:57 +0200 openjdk-11 (11.0.4+6-1) experimental; urgency=medium * OpenJDK 11.0.4+6 build (early access). -- Matthias Klose Thu, 06 Jun 2019 07:28:57 +0200 openjdk-11 (11.0.4+4-1) unstable; urgency=medium * OpenJDK 11.0.4+4 build (early access). * Configure with --with-version-pre='ea' for upstream tags which are not upstream releases (has to be set manually). Not enabled during the buster freeze. * Allow to skip the bootcycle build (DEB_BUILD_OPTIONS=nobootcycle). * Add a watch file (Paul Wise). * Print some information about the host configuration before starting the build. -- Matthias Klose Wed, 29 May 2019 07:56:31 +0200 openjdk-11 (11.0.4+2-1) unstable; urgency=medium * OpenJDK 11.0.4+2 build. * Fix src.zip symlink. Closes: #928369. * Tighten dependency on ca-certificates-java. Closes: #914860. * Refresh patches. -- Matthias Klose Tue, 14 May 2019 17:42:59 +0200 openjdk-11 (11.0.4+1-1) unstable; urgency=medium * OpenJDK 11.0.4+1 build. -- Matthias Klose Sun, 05 May 2019 17:45:57 +0200 openjdk-11 (11.0.3+7-4) unstable; urgency=medium * Apply updates from jdk11u-dev: - 8218618: Program fails when using JDK addressed by UNC path and using Security Managerdefault tip. - 8221924: get(null) on single-entry unmodifiable Map returns null instead of throwing NPE. * Install jspawnhelper. -- Matthias Klose Thu, 25 Apr 2019 10:13:49 +0200 openjdk-11 (11.0.3+7-3) unstable; urgency=medium * Add breaks to the openjdk-11-jre-headless package: - For unattended upgrades: jetty9, netbeans, tomcat8, visualvm. - For eclipse 3.8 removal: eclipse-platform. Closes: #925071. - For configuration with vendor flag: libreoffice-core. * Apply updates from jdk11u-dev, and remove locally applied patches: - 8206955: MethodHandleProxies.asInterfaceInstance does not support default methodsdefault tip. - 8221304: Problem list java/awt/FontMetrics/MaxAdvanceIsMax.java. - 8218854: FontMetrics.getMaxAdvance may be less than the maximum FontMetrics.charWidth. - 8214002: Cannot use italic font style if the font has embedded bitmap. - 8222522: Add configure options for Mac Bundle creation. - 8221880: Better customization for Windows RC properties FileDescription and ProductName. - 8222133: Add temporary exceptions for root certs that are due to expire soon. - 8222089: [TESTBUG] sun/security/lib/cacerts/VerifyCACerts.java fails due to cert within 90-day expiry window. - 8170494: JNI exception pending in PlainDatagramSocketImpl.c. - 8217879: hs_err should print more instructions in hex dump. - 8222410: java/nio/file/attribute/BasicFileAttributeView/UnixSocketFile hangs when "nc" does not accept "-U". - 8222397: x86_32 tests with UseSHA1Intrinsics SEGV due to garbled registers. - 8209914: javadoc search sometimes generates bad URIs. - 8218020: Fix version number in mesa.md 3rd party legal file. - 8188133: C2: Static field accesses in clinit can trigger deoptimizations. - 8215472: (zipfs) Cleanups in implementation classes of jdk.zipfs and tests. - 8211266: [TESTBUG] ZipFSTester.java failed intermittently in ZipFSTester.checkRead(): bound must be positive. - 8210899: (zipfs) ZipFileSystem.EntryOutputStreamCRC32 mistakenly set the crc32 value into size field. - 8217647: JFR: recordings on 32-bit systems unreadable. - 8216970: condy causes JVM crash. - 8222032: x86_32 fails with "wrong size of mach node" on AVX-512 machine. - 8221917: serviceability/sa/TestPrintMdo.java fails on 32-bit platforms. - 8220349: The fix done for JDK-8214253 have caused issues in JTree behaviour. - 8221833: Readability check in Symbol::is_valid not performed for some addresses. - 8220441: [PPC64] Clobber memory effect missing for memory barriers in atomics. - 8218991: s390: Add intrinsic for GHASH algorithm. - 8220625: tools/javac/classreader/8171132/BadConstantValue.java failed with "did not see expected error". -- Matthias Klose Wed, 24 Apr 2019 10:21:11 +0200 openjdk-11 (11.0.3+7-2) unstable; urgency=medium * Fix 8210739: Calling JSpinner's setFont with null throws NullPointerException. * Fix 8210483: AssertionError in DeferredAttr at setOverloadKind caused by JDK-8203679. -- Matthias Klose Thu, 18 Apr 2019 04:54:26 +0200 openjdk-11 (11.0.3+7-1) unstable; urgency=high * OpenJDK 11.0.3+7 build. - Security fixes: - S8211936, CVE-2019-2602: Better String parsing. - S8218453, CVE-2019-2684: More dynamic RMI interactions. - S8219066, CVE-2019-2698: Fuzzing TrueType fonts: setCurrGlyphID(). * Support using the Java ATK wrapper (Samuel Thibault). Closes: #900912. - patches/jaw-classpath.diff: Fix finding the Java ATK wrapper. - patches/jaw-optional.diff: Make failing to load the Java ATK wrapper non-fatal. -- Matthias Klose Wed, 17 Apr 2019 04:16:16 +0200 openjdk-11 (11.0.3+5-1) unstable; urgency=medium * OpenJDK 11.0.3+5 build. * Annotate the bootstrap dependency with :native. -- Matthias Klose Tue, 02 Apr 2019 13:44:12 +0200 openjdk-11 (11.0.3+4-3) unstable; urgency=medium [ Matthias Klose ] * Build the alternate zero VM using the just built hotspot VM. * Remove the icedtea-sound/pulseaudio build support. * Remove some xulrunner build bits. [ Tiago Stürmer Daitx ] * Install swing.properties into /conf instead of /lib. -- Matthias Klose Fri, 29 Mar 2019 09:06:03 +0100 openjdk-11 (11.0.3+4-2) unstable; urgency=medium [ Matthias Klose ] * Configure with vendor flags. * Work around the missing gcc-for-host b-d for cross builds. * Backport fix for 8221083, wrong oop compare in C1-generated code (PPC). [ Tiago Stürmer Daitx ] * Revert to GTK2 as default since GTK3 still has padding and component issues, apply upstream changeset to fix a few GTK3 components: LP: #1770278. - debian/patches/jdk-improve-gtk3-compatibility.patch: upstream fix for JDK-8218469, JDK-8218470, JDK-8218472, and JDK-8203627. - debian/patches/keep-gtk2-as-default.patch: revert upstream so GTK2 is loaded before GTK3 when available. - debian/rules, debian/control: Set jre to depend on libgtk2.0-0 and alternatively to libgtk-3-0. -- Matthias Klose Thu, 28 Mar 2019 10:50:31 +0100 openjdk-11 (11.0.3+4-1) unstable; urgency=medium * OpenJDK 11.0.3+4 build. * Fix the wrong assumption in the autopkg tests that the OpenJDK is the same as the default JDK. * Don't prune the build trees before running the tests. -- Matthias Klose Thu, 21 Mar 2019 14:57:00 +0100 openjdk-11 (11.0.3+1-1) unstable; urgency=medium * OpenJDK 11.0.3+1 build. * Attribute test dependencies with . * Add support for DCEVM on am64 and i386. Closes: #921419. * Check for nodoc instead of nodocs in DEB_BUILD_OPTIONS. Addresses: #922761. -- Matthias Klose Wed, 27 Feb 2019 15:44:14 +0100 openjdk-11 (11.0.2+9-3) unstable; urgency=medium * Fix Zero on sparc64 (Adrian Glaubitz). Closes: #920315. * Link zero on alpha with --no-relax (Michael Cree). Addresses: #920161. * Don't run the tests on alpha, causing build failure. * jhsdb isn't built on alpha. * Backport the fix for 8214002 (cannot use italic font style if the font has embedded bitmap). LP: #1799014. -- Matthias Klose Thu, 24 Jan 2019 15:11:52 +0100 openjdk-11 (11.0.2+9-2) unstable; urgency=medium * Fix file permissions for autopkg tests. -- Matthias Klose Tue, 22 Jan 2019 16:11:10 +0100 openjdk-11 (11.0.2+9-1) unstable; urgency=high * OpenJDK 11.0.2 release (build 9). [ Matthias Klose ] * Backport the fix for S8212233. Closes: #920020, #919798. [ Tiago Stürmer Daitx ] * debian/buildwatch.sh: use same code from openjdk-8. * debian/control.in, debian/control: - add fixed build depends for jtreg and xfvb. - remove Conflicts: oracle-java11-installer. (LP: #1782630) * debian/rules: - call the same testsuites scripts used for autopkgtest. - removed jtreg and xvfb build dependency logic and moved the bdeps into debian/control.in. - added gen-autopackage rule to generate autopkgtest scripts from templates. - copy flight recorder configuration files. - fix logging in langtools testing. - don't ignore/exclude the release file from the jdk package, it is required by jtreg tests and autopkgtests will fail without it. - don't run nashorn testsuite. * update dep8 tests: - debian/tests/control: updated to run openjdk-11 tests. - debian/tests/hotspot, debian/tests/jaxp, debian/tests/jdk, debian/tests/langtools: use the new jt .sh scripts. - debian/tests/jtdiff-autopkgtest.sh: diff build time and autopkgtest JTreports to show what changed. - debian/tests/jtreg-autopkgtest.in: template to generate the jtreg script used by the autopkgtest tests. - debian/tests/jtdiff-autopkgtest.sh: used by the scripts to report any differences between the autopkgtest and the tests results generated during the openjdk package build. - debian/tests/jtreg-autopkgtest.sh: used by the scripts to run jtreg and put the resulting artifacts in the right places, by default will remove all non .jtr files after it is done to preserve space. - debian/tests/hotspot, debian/tests/jaxp, debian/tests/jdk, debian/tests/langtools: run same testsuites as build time and compare the results. - debian/tests/valid-tests: no longer needed, removed. -- Matthias Klose Tue, 22 Jan 2019 13:15:59 +0100 openjdk-11 (11.0.2+7-1) unstable; urgency=high * OpenJDK 11.0.2 release. * Update VCS attributes in the control file. Closes: #909736. * Prefer OpenJDK 11 over OpenJDK 10 as the bootstrap OpenJDK for recent releases. Closes: #915600. -- Matthias Klose Wed, 16 Jan 2019 21:40:44 +0100 openjdk-11 (11.0.1+13-3) unstable; urgency=medium * Tighten dependency on debhelper on recent releases. Closes: #911694. * Reproducible properties file header when SOURCE_DATE_EPOCH is specified. Closes: #914278. * Add SOURCE_DATE_EPOCH support to the javadoc tool. Closes: #783938. * Disable AArch64 intrinsics for sin, cos and log. Closes: #910188. LP: #1796982. * Add support for DEB_BUILD_OPTIONS=terse. Closes: #912211. -- Matthias Klose Fri, 30 Nov 2018 11:40:28 +0100 openjdk-11 (11.0.1+13-2) unstable; urgency=high * OpenJDK 11.0.1 release. [ Tiago Stürmer Daitx ] * debian/rules: - limit the tests that we run for the hotspot, langtools, and jdk testsuites to improve build times and also to prevent running unstable or failing tests. - fix 'if' clause for definition of the TIME command. - remove guava jar from test classpath, no longer required. * debian/control, debian/control.in: add a breaks clause to clojure1.8 <= 1.8.0-7ubuntu1~. -- Matthias Klose Wed, 17 Oct 2018 09:31:38 +0200 openjdk-11 (11~28-3) unstable; urgency=medium * Build-depend on testng. * Drop the jdk-freetypeScaler-crash patch. Closes: #905718. * Don't run the tests on armel and mips*. Either too slow, or even crashing the buildds. -- Matthias Klose Wed, 03 Oct 2018 04:24:27 +0200 openjdk-11 (11~28-2) unstable; urgency=medium [ Matthias Klose ] * Configure --with-jvm-features=zgc on amd64. Closes: #909560. [ Tiago Stürmer Daitx ] * debian/rules: by default leave atk disabled, move accessibility bridge to recommends. LP: #1788250. LP: #1788267. * debian/control.in, debian/control: move accessibility bridge to recommends, add testng and libguava-java as build dependencies. * debian/rules: - copy accessibility files to conf/ (thanks to Samuel Thibault). - update test rules, set output to jtreg-test-output/ as test/ belongs to openjdk source, add jaxp and nashorn, use ProblemList.txt from each testsuite as the exclude list for jtreg, update regex to include into the tarball failed jcstress tests in the Test.java#id123 format, create a tarball with the JTreport directory, add guava jar file to the test classpath. * debian/excludelist.jdk.jtx, excludelist.langtools.jtx: removed, tests now rely on the ProblemList.txt exclusion list that is included in-tree and maintained upstream. -- Matthias Klose Tue, 25 Sep 2018 18:14:28 +0200 openjdk-11 (11~28-1) unstable; urgency=medium * OpenJDK 11 build 27. -- Matthias Klose Tue, 04 Sep 2018 14:37:49 +0200 openjdk-11 (11~27-1) unstable; urgency=medium * OpenJDK 11 build 27. -- Matthias Klose Mon, 20 Aug 2018 11:30:22 +0200 openjdk-11 (11~24-1) unstable; urgency=medium * OpenJDK 11 build 24. * jhsdb is not available on ia64 and m68k either. * Update the m68k support (Adrian Glaubitz). Closes: #904204. -- Matthias Klose Fri, 27 Jul 2018 05:41:39 +0200 openjdk-11 (11~23-1) unstable; urgency=medium * OpenJDK 11 build 23. * Explicitly build-depend on libfontconfig1-dev, explicitly depend on libfontconfig1. LP: #1780151. * jhsdb is not available on armel, mipsel and mips64el. Closes: #903631. * Build using GCC 8. * Configure with --with-native-debug-symbols=internal. -- Matthias Klose Thu, 19 Jul 2018 20:03:05 +0200 openjdk-11 (11~22-2) unstable; urgency=medium * jhsdb is not available on mips. -- Matthias Klose Fri, 13 Jul 2018 07:48:13 +0200 openjdk-11 (11~22-1) unstable; urgency=medium * OpenJDK 11 build 22. * jhsdb is not available on powerpc, s390x and x32. -- Matthias Klose Thu, 12 Jul 2018 17:00:12 +0200 openjdk-11 (11~21-2) unstable; urgency=medium * jaotc is only available on amd64 and arm64. -- Matthias Klose Sun, 08 Jul 2018 08:22:34 +0200 openjdk-11 (11~21-1) unstable; urgency=medium * OpenJDK 11 build 21. * Fix the jre/jdk split again. -- Matthias Klose Fri, 06 Jul 2018 07:10:53 +0200 openjdk-11 (11~19-1) unstable; urgency=medium * OpenJDK 11 build 19. -- Matthias Klose Mon, 25 Jun 2018 11:04:39 +0200 openjdk-11 (11~18-2) unstable; urgency=medium * Fix the parallel build with multiple VM variants. * Fix installation of the jre binaries. Closes: #901674. -- Matthias Klose Tue, 19 Jun 2018 06:17:22 +0200 openjdk-11 (11~18-1) unstable; urgency=medium * OpenJDK 11 build 18. * Apply fix to build on sparc64. Closes: #901410. * Build again the client VM on i386, limiting parallel make to two cores. -- Matthias Klose Fri, 15 Jun 2018 14:09:40 +0200 openjdk-11 (11~17-2) unstable; urgency=medium * Don't build the client VM on i386, fails since build 16. -- Matthias Klose Sat, 09 Jun 2018 21:03:00 +0200 openjdk-11 (11~17-1) unstable; urgency=medium * OpenJDK 11 build 17. -- Matthias Klose Fri, 08 Jun 2018 21:14:46 +0200 openjdk-11 (11~16-1) unstable; urgency=medium * OpenJDK 11 build 16. -- Matthias Klose Fri, 01 Jun 2018 13:21:38 +0200 openjdk-11 (11~15-1) unstable; urgency=medium * OpenJDK 11 build 15. -- Matthias Klose Mon, 28 May 2018 10:57:30 +0200 openjdk-11 (11~13-2) unstable; urgency=medium * Stop shipping the appletviewer binary. -- Matthias Klose Sun, 13 May 2018 20:09:17 -0400 openjdk-11 (11~13-1) unstable; urgency=medium * OpenJDK 11 build 13. -- Matthias Klose Sun, 13 May 2018 14:41:09 -0400 openjdk-11 (11~12-1) unstable; urgency=medium * OpenJDK 11 build 12. * Fix ftbfs on powerpcspe, adjusting the MIN_FLOAT constant (Adrian Glaubitz). Addresses: #897334. * Remove classes.jsa files on package removal. Addresses: #897411. -- Matthias Klose Sat, 05 May 2018 17:31:20 +0200 openjdk-11 (11~11-2) unstable; urgency=medium * Drop the alternative build dependency on OpenJDK 9. * Fix again the build on x32, not passing -m32 to the compiler. * Restore parts of the mips-sigset patch which are not yet upstream. -- Matthias Klose Sat, 28 Apr 2018 22:17:34 +0200 openjdk-11 (11~11-1) unstable; urgency=medium * OpenJDK 11 build 11. * Stop installing the policytool desktop file. LP: #1766843, -- Matthias Klose Fri, 27 Apr 2018 08:23:56 +0200 openjdk-11 (11~9-1) unstable; urgency=medium * OpenJDK 11 build 9. [ Tiago Stürmer Daitx ] * debian/rules: do not compress the element-list api docs as javadoc expects this file to be uncompressed when using '-link' or '-linkoffline'. Closes: #895587. -- Matthias Klose Sun, 15 Apr 2018 06:36:41 +0200 openjdk-11 (11~8-1) unstable; urgency=medium * OpenJDK 11 build 8. * Update the s390x-zEC12 patch. * Drop obsolete patches. Closes: #895060. -- Matthias Klose Sun, 08 Apr 2018 10:58:36 +0200 openjdk-11 (11~7-1) unstable; urgency=medium * OpenJDK 11 build 7. * Build using gtk 3.0. * Add again ia64 support (Adrian Glaubitz). Closes: #894064. -- Matthias Klose Mon, 02 Apr 2018 08:56:00 +0200 openjdk-11 (11~5-1) unstable; urgency=medium * OpenJDK 11 build 5. * Don't pass -m32/-m64 compiler flags explicitly on architectures not understanding these (James Cowgill). Closes: #893089. * Update the zero-x32 patch. -- Matthias Klose Thu, 22 Mar 2018 07:46:26 +0800 openjdk-11 (11~4-2) unstable; urgency=medium * Update apport hook name for 11. LP: #1738579. -- Matthias Klose Thu, 15 Mar 2018 14:30:13 +0100 openjdk-11 (11~4-1) unstable; urgency=medium * OpenJDK 11 build 4. * Disable the m68k and x32 patches for now (needs an update). * Build with -fpermissive on armel and armhf for now. -- Matthias Klose Thu, 15 Mar 2018 10:30:13 +0100 openjdk-10 (10~46-1) unstable; urgency=medium * OpenJDK 10 build 46. * Update patch for m68k (Adrian Glaubitz). Closes: #883570). * Update patch for alpha (Adrian Glaubitz). Closes: #885018). * Drop powerpcspe patch. Closes: #883493. * Work around make-4.2 MAKEFLAGS issue. Closes: #891573. -- Matthias Klose Wed, 14 Mar 2018 18:10:28 +0100 openjdk-10 (10~32-1) experimental; urgency=medium * OpenJDK 10 build 32. -- Matthias Klose Sun, 19 Nov 2017 17:52:21 +0100 openjdk-9 (9.0.1+11-1) unstable; urgency=medium * OpenJDK 9.0.1+11 release. * Bump standards version. * Configure with an empty --with-version-pre setting. LP: #1722410. * Remove JamVM packaging bits. Closes: #877523. * Remove Shark packaging bits. * Fix java/javac/jar lockups on SMP Alpha (Michael Cree). Closes: #875288. * Fix crashes in i386 applications using JNI due to Hotspot workaround for Exec Shield (Ben Hutchings). Closes: #876069. * Re-enable building altzero architectures: Closes: #874292. * Update the zero-sparc patch (Adrian Glaubitz). Closes: #874265. * Fix recommendation of microhei/zenhei font packages. Closes: #868205. * Move jmod files into the openjdk-jdk-headless package. Closes: #878272. -- Matthias Klose Fri, 27 Oct 2017 01:44:31 +0200 openjdk-9 (9~b181-4) unstable; urgency=medium * Fix whitespace in debian/rules. Closes: #873104, #873117. -- Matthias Klose Thu, 24 Aug 2017 19:15:14 +0200 openjdk-9 (9~b181-3) unstable; urgency=medium * Fix libjvm.so's .debug file names. * Install an apport hook when building on Ubuntu and derivatives. * Update the disable-doclint patch (Chris West). Closes: #866908. * Configure --with-debug-level=release on m68k as well (Adrian Glaubitz). Closes: #871316. * Drop armel and sparc from the list of alternative zero archs (Adrian Glaubitz). Closes: #871319. * Simplify the zero-sparc patch (Adrian Glaubitz). Closes: #872756. * Remove some obsolete unused patches. Closes: #871606. -- Matthias Klose Thu, 24 Aug 2017 00:42:22 +0200 openjdk-9 (9~b181-2) unstable; urgency=medium * Update the jdk-8067331 patch (Adrian Glaubitz). Closes: #871009. * Build zero on armhf again. -- Matthias Klose Mon, 07 Aug 2017 10:28:46 -0400 openjdk-9 (9~b181-1) unstable; urgency=medium * OpenJDK 9, b181. * Don't hard-code multiarch-support dependency. Closes: #870521. * Just configure m68k --with-debug-level=slowdebug. Closes: #868255. * Fix atomic_copy64 on powerpc (Andrew Haley). Closes: #870403. -- Matthias Klose Fri, 04 Aug 2017 07:35:49 -0400 openjdk-9 (9~b179-2) unstable; urgency=medium * Really configure --with-debug-level=slowdebug on Zero-only architectures. Closes: #868255. * Really enable the zero-sparc patch (Adrian Glaubitz). Closes: #864359. * Try again building zero on arm64 with slowdebug. -- Matthias Klose Mon, 24 Jul 2017 13:20:10 +0200 openjdk-9 (9~b179-1) unstable; urgency=medium * OpenJDK 9, b179. * Drop armel as a hotspot architecture. Closes: #864464. * Configure --with-debug-level=slowdebug on Zero-only architectures. Closes: #868255. * Fix recommendation of microhei/zenhei font packages. Closes: #868205. * Enable the zero-sparc patch (Adrian Glaubitz). Closes: #864359. * Update the disable-doclint patch (Chris West). Closes: #866908. * Disable the jamvm autopkg tests. -- Matthias Klose Sat, 22 Jul 2017 11:49:18 +0200 openjdk-9 (9~b177-3) unstable; urgency=medium * Fix applying the s390x-thread-stack-size patch. -- Matthias Klose Fri, 07 Jul 2017 19:18:19 +0200 openjdk-9 (9~b177-2) unstable; urgency=medium * Try to build zero again on amd64, arm64, ppc64el and s390x. * Keep the conf/* symlinks in the JAVA_HOME directory. Closes: #866924, #863080. * Drop armel from the list of hotspot architectures. See #864464. * Stop using deprecated GNOME libraries. Closes: #850268. * Apply sparc64 build fixes (Adrian Glaubitz). Closes: #864351. * Update the zero-sparc patch (Adrian Glaubitz). Closes: #864359. * Update the m68k-support patch (Adrian Glaubitz). Closes: #864595. * Disable generation of jvmti.html on m68k (Adrian Glaubitz). Closes: #864596. * Update the zero-sh patch (Adrian Glaubitz). Closes: #864643. * Update the jdk-target-arch-define patch. Closes: #865129. * Provide jvmdir symlink in /usr/lib/debug. Addresses: #867314. * Fix pt_BR translation in awt message. Addresses: #863331. * Drop the 8073754-stack-overflow-9-build patch. Closes: #864288. * Use sigset_t to store the signals used by the JVM (James Cowgill). Closes: #841173. -- Matthias Klose Fri, 07 Jul 2017 12:28:53 +0200 openjdk-9 (9~b177-1) unstable; urgency=medium * OpenJDK 9, b177. -- Matthias Klose Fri, 07 Jul 2017 02:18:33 +0000 openjdk-9 (9~b170-2) unstable; urgency=medium * OpenJDK 9, b170. -- Matthias Klose Thu, 18 May 2017 11:57:43 -0700 openjdk-9 (9~b169-1) unstable; urgency=medium * OpenJDK 9, b169. -- Matthias Klose Sun, 14 May 2017 10:11:24 -0700 openjdk-9 (9~b168-1) unstable; urgency=medium * OpenJDK 9, b168. -- Matthias Klose Fri, 05 May 2017 14:33:09 +0200 openjdk-9 (9~b164-1) unstable; urgency=medium * OpenJDK 9, b164. -- Matthias Klose Sat, 08 Apr 2017 21:39:41 +0200 openjdk-9 (9~b161-1) unstable; urgency=medium * OpenJDK 9, b161. * Don't build the zero JRE on Ubuntu/s390x. * Fix changelog format. -- Matthias Klose Fri, 17 Mar 2017 00:09:34 +0100 openjdk-9 (9~b159-1) unstable; urgency=medium * OpenJDK 9, b159. -- Matthias Klose Fri, 03 Mar 2017 19:03:10 +0100 openjdk-9 (9~b158-1) unstable; urgency=medium * OpenJDK 9, b158. * Add OpenJDK Stack Unwinder and Frame Decorator for gdb. -- Matthias Klose Sun, 26 Feb 2017 18:57:42 +0100 openjdk-9 (9~b155-1) unstable; urgency=medium * OpenJDK 9, b155. -- Matthias Klose Fri, 03 Feb 2017 07:56:11 +0100 openjdk-9 (9~b154-1) unstable; urgency=medium * OpenJDK 9, b154. * Fix libjpeg dependency. Closes: #852420. -- Matthias Klose Thu, 26 Jan 2017 23:33:55 +0100 openjdk-9 (9~b153-2) unstable; urgency=medium * Lower cpu requirements for Debian/s390x. -- Matthias Klose Sat, 21 Jan 2017 21:52:52 +0100 openjdk-9 (9~b153-1) unstable; urgency=medium * OpenJDK 9, b153. -- Matthias Klose Fri, 20 Jan 2017 14:39:18 +0100 openjdk-9 (9~b151-2) unstable; urgency=medium * Fix builds with zero and jamvm as an alternate VM. -- Matthias Klose Tue, 10 Jan 2017 15:40:20 +0100 openjdk-9 (9~b151-1) experimental; urgency=medium * OpenJDK 9, b151. -- Matthias Klose Sun, 08 Jan 2017 23:16:21 +0100 openjdk-9 (9~b149-1) experimental; urgency=medium * OpenJDK 9, b149. -- Matthias Klose Sat, 17 Dec 2016 10:58:22 +0100 openjdk-9 (9~b148-1) experimental; urgency=medium * OpenJDK 9, b148. -- Matthias Klose Mon, 12 Dec 2016 14:04:02 +0000 openjdk-9 (9~b147-1) experimental; urgency=medium * OpenJDK 9, b147. * Use sigset_t to store the signals used by the JVM (James Cowgill). Addresses: #841173. -- Matthias Klose Sat, 03 Dec 2016 15:41:51 +0100 openjdk-9 (9~b144-1) experimental; urgency=medium * OpenJDK 9, b144. -- Matthias Klose Fri, 11 Nov 2016 14:43:48 +0100 openjdk-9 (9~b143-2) experimental; urgency=medium * Fix 8168567, unbreaking the build on arm64. -- Matthias Klose Mon, 07 Nov 2016 15:46:43 +0100 openjdk-9 (9~b143-1) experimental; urgency=medium * OpenJDK 9, b143. -- Matthias Klose Sun, 06 Nov 2016 22:36:28 +0100 openjdk-9 (9~b142-1) experimental; urgency=medium * OpenJDK 9, b142. -- Matthias Klose Sat, 29 Oct 2016 12:03:19 +0200 openjdk-9 (9~b140-2) experimental; urgency=medium * Don't build zero on ppc64 and ppc64el (fails to build). -- Matthias Klose Wed, 19 Oct 2016 17:02:37 +0200 openjdk-9 (9~b140-1) experimental; urgency=medium * OpenJDK 9, b140. -- Matthias Klose Mon, 17 Oct 2016 12:01:47 +0200 openjdk-9 (9~b139-1) experimental; urgency=medium * OpenJDK 9, b139. * Stop building zero on amd64, fails to build with hardening defaults. -- Matthias Klose Sun, 09 Oct 2016 10:03:18 +0200 openjdk-9 (9~b136-1ubuntu1) yakkety; urgency=medium * 8165323: (fs) Files.getFileStore fails with "Mount point not found" in chroot environment -- Matthias Klose Wed, 21 Sep 2016 16:20:45 +0200 openjdk-9 (9~b136-1) experimental; urgency=medium * OpenJDK 9, b136. -- Matthias Klose Mon, 19 Sep 2016 20:33:07 +0200 openjdk-9 (9~b135-1) experimental; urgency=medium * OpenJDK 9, b135. -- Matthias Klose Sat, 10 Sep 2016 03:56:51 +0200 openjdk-9 (9~b134-2ubuntu1) yakkety; urgency=medium * Explicitly turn off stack-protector for zero builds. -- Matthias Klose Thu, 08 Sep 2016 17:21:13 +0200 openjdk-9 (9~b134-2) experimental; urgency=medium * Build using GCC 6. * Enable zero build on arm64 and ppc64el. * Increase thread stack size for ppc* zero builds. * Don't use Solaris compiler flags on sparc64. * Port x32 zero patch. * Don't use the just built jdk for zero builds. * Don't use getFileStore() during the build, chroots throw an exception while running jlink. * Fix removal of jre-headless alternatives. Closes: #788445. -- Matthias Klose Mon, 05 Sep 2016 14:14:01 +0200 openjdk-9 (9~b133-2) experimental; urgency=medium * Don't do bootcycle builds for zero builds. * Fix macro settings for zero builds. -- Matthias Klose Wed, 31 Aug 2016 18:34:51 +0200 openjdk-9 (9~b133-1) experimental; urgency=medium * OpenJDK 9, b133. -- Matthias Klose Mon, 29 Aug 2016 14:25:48 +0200 openjdk-9 (9~b130-1) experimental; urgency=medium * OpenJDK 9, b130. -- Matthias Klose Sun, 07 Aug 2016 23:27:51 +0200 openjdk-9 (9~b124-1) experimental; urgency=medium * OpenJDK 9, b124. * Fix an issue with libatk-wrapper (Samuel Thibault). Closes: #827796. -- Matthias Klose Sat, 28 May 2016 22:30:12 +0200 openjdk-9 (9~b117-1) experimental; urgency=medium * OpenJDK 9, b117. * Fix zero builds, next try. -- Matthias Klose Thu, 05 May 2016 23:10:57 +0200 openjdk-9 (9~b116-1) experimental; urgency=medium * OpenJDK 9, b116. -- Matthias Klose Fri, 29 Apr 2016 00:41:04 +0200 openjdk-9 (9~b115-2) experimental; urgency=medium * Fix zero builds: - Backport 8132051, 8146518, 8150654, 8154210 from the hs repo. - Apply proposed patch for 8153275. * Set initial VMThreadStackSize to 1600 on s390x. * Tighten openjdk build dependency on s390x. -- Matthias Klose Sat, 23 Apr 2016 23:09:19 +0200 openjdk-9 (9~b115-1) experimental; urgency=medium * OpenJDK 9, b115. * Fix header file conflict. Closes: #816440. LP: #1550950. -- Matthias Klose Thu, 21 Apr 2016 23:48:04 +0200 openjdk-9 (9~b114-0ubuntu1) xenial; urgency=medium * OpenJDK 9, b114. -- Matthias Klose Thu, 14 Apr 2016 21:02:34 +0200 openjdk-9 (9~b113-1) experimental; urgency=medium * OpenJDK 9, b113. -- Matthias Klose Wed, 13 Apr 2016 20:58:18 +0200 openjdk-9 (9~b112-3) experimental; urgency=medium * Fix zero builds, apply proposed patch for JDK-8153275. -- Matthias Klose Fri, 01 Apr 2016 18:39:09 +0200 openjdk-9 (9~b112-2) experimental; urgency=medium * OpenJDK 9, b112. -- Matthias Klose Thu, 31 Mar 2016 15:44:43 +0200 openjdk-9 (9~b107-1) experimental; urgency=medium * OpenJDK 9, b107. * Build-depend on openjdk-9-jdk-headless . * Build with GCC 5 on mips*. * Split out an openjdk-9-jdk-headless package. * Update libgconf/libgnome jre recommendations. Addresses: #813943. * Update package reference in README. Addresses: #814605. * Add french translation for policytool desktop file. Addresses: #813851. * Install app icons again. -- Matthias Klose Sat, 27 Feb 2016 11:55:04 +0100 openjdk-9 (9~b102-1) experimental; urgency=medium * OpenJDK 9, b102. -- Matthias Klose Tue, 26 Jan 2016 13:33:16 +0100 openjdk-9 (9~b101-2ubuntu2) xenial; urgency=medium * Don't build zero on arm64. -- Matthias Klose Sun, 17 Jan 2016 11:17:19 +0100 openjdk-9 (9~b101-2ubuntu1) xenial; urgency=medium * Ignore installing jsadebugd.1. -- Matthias Klose Sun, 17 Jan 2016 10:33:06 +0100 openjdk-9 (9~b101-2) experimental; urgency=medium * Disable the zero build on ppc64el, currently fails to build. -- Matthias Klose Sat, 16 Jan 2016 10:30:18 +0100 openjdk-9 (9~b101-1) experimental; urgency=medium * OpenJDK 9, b101. * Fix cross builds. * Build again using GCC 4.9 on mips*, fails to build with GCC 5. -- Matthias Klose Fri, 15 Jan 2016 12:25:14 +0100 openjdk-9 (9~b96-1) experimental; urgency=medium * OpenJDK 9, b96. * openjdk-9-jdk: Fix typo in sdk provides. Addresses: #803150. * Build using giflib 5. * Build using GCC 5 everywhere. -- Matthias Klose Sun, 13 Dec 2015 17:45:17 +0100 openjdk-9 (9~b94-1) experimental; urgency=medium * OpenJDK 9, b94. * Update configury for sparc64 (Steven Chamberlain). Addresses: #806202. * Fix stripping packages (use bash instead of expr substring). -- Matthias Klose Tue, 01 Dec 2015 11:05:27 +0100 openjdk-9 (9~b88-1) experimental; urgency=medium * OpenJDK 9, b88. -- Matthias Klose Sun, 25 Oct 2015 02:38:14 +0200 openjdk-9 (9~b87-2) wily; urgency=medium * Prefer openjdk-8-jdk for the build. -- Matthias Klose Tue, 20 Oct 2015 14:21:25 +0200 openjdk-9 (9~b87-1) experimental; urgency=medium * OpenJDK 9, b87. * Build the client hotspot on i386. -- Matthias Klose Mon, 19 Oct 2015 17:58:08 +0200 openjdk-9 (9~b80-2) experimental; urgency=medium * Fix build for armel, armhf and "unknown" zero architectures. * Fix build error on AArch64. -- Matthias Klose Sat, 05 Sep 2015 20:16:45 +0200 openjdk-9 (9~b80-1) experimental; urgency=medium * OpenJDK 9, b80. * Fix installing the openjdk.desktop file when cautious-launch is available. * Define _alpha_ / _sh_ preprocessor macros instead of alpha / sh. * Re-enable the atk bridge for releases with a fixed atk bridge. * Make derivatives builds the same as the parent distro. * Add m68k support for Zero (Andreas Schwab). -- Matthias Klose Fri, 04 Sep 2015 19:27:56 +0200 openjdk-9 (9~b74-1) experimental; urgency=medium * OpenJDK 9, b74. * Fix jdk build on x32. * JDK-8073754, increase stack size limits on powerpc and ppc64. * Configure --with-boot-jdk-jvmargs="-XX:ThreadStackSize=2240" on powerpc and ppc64. -- Matthias Klose Mon, 27 Jul 2015 20:43:48 +0200 openjdk-9 (9~b71-1) experimental; urgency=medium * OpenJDK 9, b71. * openjdk-9-jre: Recommend the real libgconf2-4 and libgnome2-0 packages. Addresses: #786594. -- Matthias Klose Mon, 06 Jul 2015 17:29:39 +0200 openjdk-9 (9~b68-4) experimental; urgency=medium * Fix 32bit detection for the build jdk; try to build again for mips and mipsel (James Cowgill). * openjdk-jre-headless: Add dependency on the package containing the mountpoint binary. -- Matthias Klose Mon, 22 Jun 2015 22:09:17 +0200 openjdk-9 (9~b68-3) experimental; urgency=medium * Enable bootcycle zero builds everywhere. * Re-enable running the testsuite. -- Matthias Klose Thu, 18 Jun 2015 23:55:33 +0200 openjdk-9 (9~b68-2) experimental; urgency=medium * Fix 8080684, PPC64 little-endian build. * Fix installation of zero based builds. -- Matthias Klose Wed, 17 Jun 2015 19:03:31 +0200 openjdk-9 (9~b68-1) experimental; urgency=medium * OpenJDK 9, b68. * Fix the build on AArch64 (Ed Nevill). -- Matthias Klose Tue, 16 Jun 2015 11:39:02 +0200 openjdk-9 (9~b64-1) experimental; urgency=medium * OpenJDK 9, b64. * Fix build error in zero. -- Matthias Klose Mon, 18 May 2015 17:30:20 +0200 openjdk-8 (8u45-b14-2) unstable; urgency=medium * Fix JamVM with 8u45. Closes: #766284. -- Matthias Klose Sun, 10 May 2015 19:28:41 +0200 openjdk-8 (8u45-b14-1) unstable; urgency=medium * Update to 8u45-b14. * Update AArch64 to (post) 8u45-b14. * Make libnss3-dev installable on precise (Thorsten Glaser). LP: #1411630. * Only install the openjdk-java.desktop file when using cautious-launcher. -- Matthias Klose Sun, 19 Apr 2015 16:31:44 +0200 openjdk-8 (8u40-b27-1) unstable; urgency=medium * Update to 8u40-b27. * Update AArch64 to (post) 8u40-b25. * Fix libjavajpeg build using the system jpeg library. Closes: #760926. -- Matthias Klose Tue, 17 Mar 2015 01:19:45 +0100 openjdk-8 (8u40~b22-1ubuntu1) vivid; urgency=medium * Update AArch64 to 8u40-b22. * Update the alpha float patch. * Fix JDK-8067330, ZERO_ARCHDEF incorrectly defined for PPC/PPC64 architectures. * Fix JDK-8067331, Zero: Atomic::xchg and Atomic::xchg_ptr need full memory barrier. * Build using OpenJDK-8. -- Matthias Klose Tue, 27 Jan 2015 14:59:00 +0100 openjdk-8 (8u40~b22-1) unstable; urgency=medium * Update to 8u40-b22. * Fix build on mips64 and mips64el. Closes: #776295. * Don't strip libjvm.so to prevent rejection by ftp-master (work around, but no fix in the archive). Addresses: #775760. * Fix jamvm to work with recent security updates. Closes: #766284. -- Matthias Klose Mon, 26 Jan 2015 16:59:37 +0100 openjdk-8 (8u40~b21-1) unstable; urgency=medium * Update to 8u40-b21. -- Matthias Klose Thu, 15 Jan 2015 12:14:18 +0100 openjdk-8 (8u40~b10-1) unstable; urgency=medium * Fix libjpeg runtime dependency. -- Matthias Klose Thu, 16 Oct 2014 08:38:13 +0200 openjdk-8 (8u40~b09-1) unstable; urgency=medium * Update to 8u40-b09. * Update the AArch64 hotspot to 8u40-b09. * Allow to build for Ubuntu 12.04 LTS. * Change B-D to libjpeg-dev to finish the transition to libjpeg-turbo (Ondřej Surý). Closes: #763490. * Backport the fix for 8017773 OpenJDK returns incorrect TrueType font metrics. Closes: #762323. * Depend on libnss3 instead of libnss3-1d for recent releases. Addresses: #760122. -- Matthias Klose Tue, 14 Oct 2014 12:39:18 +0200 openjdk-8 (8u40~b04-2) unstable; urgency=medium * Remove AArch64 patch applied upstream. * Update the kfresbsd jdk patch, still not forwarded upstream. -- Matthias Klose Tue, 09 Sep 2014 17:08:32 +0200 openjdk-8 (8u40~b04-1) experimental; urgency=medium * Update to 8u40-b04. * Backport 8050942, implement template interpreter for ppc64le. * Build-depend on systemtap-sdt-dev. -- Matthias Klose Wed, 03 Sep 2014 21:11:27 +0200 openjdk-8 (8u20-b26-1) experimental; urgency=medium * 8u20 build 26 is the final 8u20 release. * Update the AArch64 hotspot. * Fix applying the kfreebsd patch for JamVM. * x32 build fixes. * Allow openjdk-8-jdk as an alternative build dependency. * Adjust timeouts for jtreg runs. -- Matthias Klose Wed, 20 Aug 2014 10:34:55 +0200 openjdk-8 (8u20~b26-1) experimental; urgency=medium * Update to 8u20-b26. * Update to JamVM 2.0.0. * Update to IcedTea-Sound 1.0.1. * Update toplevel configury to recognize zero archs alpha, mips*, m68k, sh4. * Update kfreebsd-support patches (Steven Chamberlain). * Fix an uninitialized memory issue in adlc (Fridrich Strba). * Move libjavagtk into the -jre package. * Use the system libpcsclite library. * Fix typo, ignoring boot cycle builds (Emmanuel Bourg). * Derive the update version and the build number from the package version (Emmanuel Bourg). * Call quilt with --quiltrc -. Closes: #755710. * openjdk-8-jdk: Fix src.zip symlink. Closes: #755869. -- Matthias Klose Thu, 31 Jul 2014 19:51:35 +0200 openjdk-8 (8u20~b20-2) experimental; urgency=medium * Work around OpenJDK's build system which is not robust enough to accept commas in *FLAGS. * Pass extra flags for non-hotspot builds. * Fix the zero build on i386. * Don't add extra symlinks for the jni_{md,jawt}.h header files. -- Matthias Klose Fri, 11 Jul 2014 20:30:54 +0200 openjdk-8 (8u20~b20-1) experimental; urgency=medium * Initial OpenJDK 8 packaging, based on 8u20-b20. * Fix hotspot build system for GNU make 4.0 (Emmanuel Bourg). * Drop rhino (build) dependencies (Emmanuel Bourg). * Add java8 provides (Emmanuel Bourg). * Add IcedTea patches to build with external jpeg, png and lcms libraries (Emmanuel Bourg). * Add keywords to the desktop files (Emmanuel Bourg). * Remove the suggested dependency on sun-java6-fonts ((Emmanuel Bourg). * Build hotspot on ppc64 and ppc64el. * Add the IcedTea Sound tarball. * Don't strip files when building the images. * Update patches to pass the extra flags to the libsig and libsaproc builds. * Use dh_strip's knowledge about build ids when available. -- Matthias Klose Wed, 09 Jul 2014 20:11:18 +0200 openjdk-7 (7u55-2.4.7-2) unstable; urgency=medium * Fix the quoting of configure flags for the zero build. * Update the java-access-bridge-security patch (Raphael Geissert). * Don't hard code the compiler names in the AArch64 hotspot build. * Build using GCC 4.9 where available. * Add MIPS64(el) support (Yunqiang Su). Closes: #746207. * Suggest fonts-indic instead of ttf-indic-fonts. Closes: #747694. -- Matthias Klose Fri, 16 May 2014 19:12:42 +0200 openjdk-7 (7u55-2.4.7-1) unstable; urgency=high * IcedTea7 2.4.7 release. * Security fixes - S8023046: Enhance splashscreen support. - S8025005: Enhance CORBA initializations. - S8025010, CVE-2014-2412: Enhance AWT contexts. - S8025030, CVE-2014-2414: Enhance stream handling. - S8025152, CVE-2014-0458: Enhance activation set up. - S8026067: Enhance signed jar verification. - S8026163, CVE-2014-2427: Enhance media provisioning. - S8026188, CVE-2014-2423: Enhance envelope factory. - S8026200: Enhance RowSet Factory. - S8026716, CVE-2014-2402: (aio) Enhance asynchronous channel handling. - S8026736, CVE-2014-2398: Enhance Javadoc pages. - S8026797, CVE-2014-0451: Enhance data transfers. - S8026801, CVE-2014-0452: Enhance endpoint addressing. - S8027766, CVE-2014-0453: Enhance RSA processing. - S8027775: Enhance ICU code. - S8027841, CVE-2014-0429: Enhance pixel manipulations. - S8028385: Enhance RowSet Factory. - S8029282, CVE-2014-2403: Enhance CharInfo set up. - S8029286: Enhance subject delegation. - S8029699: Update Poller demo. - S8029730: Improve audio device additions. - S8029735: Enhance service mgmt natives. - S8029740, CVE-2014-0446: Enhance handling of loggers. - S8029745, CVE-2014-0454: Enhance algorithm checking. - S8029750: Enhance LCMS color processing (LCMS 2 only). - S8029760, CVE-2013-6629: Enhance AWT image libraries (in-tree libjpeg). - S8029844, CVE-2014-0455: Enhance argument validation. - S8029854, CVE-2014-2421: Enhance JPEG decodings. - S8029858, CVE-2014-0456: Enhance array copies. - S8030731, CVE-2014-0460: Improve name service robustness. - S8031330: Refactor ObjectFactory. - S8031335, CVE-2014-0459: Better color profiling. - S8031352, CVE-2013-6954: Enhance PNG handling (in-tree libpng). - S8031394, CVE-2014-0457: (sl) Fix exception handling in ServiceLoader. - S8031395: Enhance LDAP processing. - S8032686, CVE-2014-2413: Issues with method invoke. - S8033618, CVE-2014-1876: Correct logging output. - S8034926, CVE-2014-2397: Attribute classes properly. - S8036794, CVE-2014-0461: Manage JavaScript instances. * AArch64 fixes. -- Matthias Klose Wed, 16 Apr 2014 15:37:40 +0200 openjdk-7 (7u51-2.4.6-1) unstable; urgency=medium * IcedTea7 2.4.6 release. * Explicitly use AC_MAINTAINER_MODE and automake-1.11 to create the debian .orig tarball. Addresses: #740289. * Apply patch from upstream to fix bold fonts in Swing applications using GTK L&F (Ryan Tandy). LP: #937200. * Explicitly build-depend on libkrb5-dev. * On AArch64 don't use the hotsport backport for the zero build. -- Matthias Klose Tue, 01 Apr 2014 09:25:19 +0200 openjdk-7 (7u51-2.4.6~pre1-1) unstable; urgency=medium * IcedTea7 2.4.6 prerelease. * Fix icedtea-web build failure on kfreebsd-* (unable to find sun.security.util.SecurityConstants). Steven Chamberlain. Closes: #739032. * Update the AArch64 Hotspot. -- Matthias Klose Thu, 27 Mar 2014 17:24:45 +0100 openjdk-7 (7u51-2.4.5-2) unstable; urgency=medium * Update the KFreeBSD patch (Steven Chamberlain). Closes: #736291. -- Matthias Klose Tue, 04 Feb 2014 13:28:10 +0100 openjdk-7 (7u51-2.4.5-1) unstable; urgency=medium * IcedTea7 2.4.5 release. * Build Hotspot client and server vms for AArch64. -- Matthias Klose Fri, 31 Jan 2014 06:13:20 -0500 openjdk-7 (7u51-2.4.4-1) unstable; urgency=medium * IcedTea7 2.4.4 release. * Security fixes - S6727821: Enhance JAAS Configuration. - S7068126, CVE-2014-0373: Enhance SNMP statuses. - S8010935: Better XML handling. - S8011786, CVE-2014-0368: Better applet networking. - S8021257, S8025022, CVE-2013-5896 : com.sun.corba.se.** should be on restricted package list. - S8021271, S8021266, CVE-2014-0408: Better buffering in ObjC code. - S8022904: Enhance JDBC Parsers. - S8022927: Input validation for byte/endian conversions. - S8022935: Enhance Apache resolver classes. - S8022945: Enhance JNDI implementation classes. - S8023057: Enhance start up image display. - S8023069, CVE-2014-0411: Enhance TLS connections. - S8023245, CVE-2014-0423: Enhance Beans decoding. - S8023301: Enhance generic classes. - S8023338: Update jarsigner to encourage timestamping. - S8023672: Enhance jar file validation. - S8024302: Clarify jar verifications. - S8024306, CVE-2014-0416: Enhance Subject consistency. - S8024530: Enhance font process resilience. - S8024867: Enhance logging start up. - S8025014: Enhance Security Policy. - S8025018, CVE-2014-0376: Enhance JAX-P set up. - S8025026, CVE-2013-5878: Enhance canonicalization. - S8025034, CVE-2013-5907: Improve layout lookups. - S8025448: Enhance listening events. - S8025758, CVE-2014-0422: Enhance Naming management. - S8025767, CVE-2014-0428: Enhance IIOP Streams. - S8026172: Enhance UI Management. - S8026176: Enhance document printing. - S8026193, CVE-2013-5884: Enhance CORBA stub factories. - S8026204: Enhance auth login contexts. - S8026417, CVE-2013-5910: Enhance XML canonicalization. - S8026502: java/lang/invoke/MethodHandleConstants.java fails on all platforms. - S8027201, CVE-2014-0376: Enhance JAX-P set up. - S8029507, CVE-2013-5893: Enhance JVM method processing. - S8029533: REGRESSION: closed/java/lang/invoke/8008140/Test8008140.java fails agains. * Remove alpha from stage1_gcj_archs. * Use the langtools and jdk tarballs as provided by IcedTea. * Hotspot is dead on sparc. Build the zero interpreter as the default. * Blindly update the KF***BSD patches. -- Matthias Klose Wed, 15 Jan 2014 10:34:34 +0100 openjdk-7 (7u45-2.4.3-5) unstable; urgency=medium * Run the jtreg tests on powerpcspe, tested by Roland Stigge. * Fix zero builds on 64k page kernel configs. * Fix more IcedTea bits to build on x32. -- Matthias Klose Sat, 11 Jan 2014 13:55:34 +0100 openjdk-7 (7u45-2.4.3-4) unstable; urgency=low * Re-enable running the testsuite on powerpc. * Run the testsuite on AArch64. * Fix IcedTea bits to build on x32. -- Matthias Klose Sun, 22 Dec 2013 21:20:10 +0100 openjdk-7 (7u45-2.4.3-3) unstable; urgency=low * Don't build on s390 anymore. * Update hotspot-mips-align patch (Aurelien Jarno). Closes: #732528). * Build for ppc64el. * Try to build zero on x32. * Configure with --enable-zero on sparc and sparc64. -- Matthias Klose Fri, 20 Dec 2013 14:42:38 +0100 openjdk-7 (7u45-2.4.3-2.3) unstable; urgency=medium * Disable bootstrap build on alpha. Closes: #719671. * Disable running the jdk jtreg tests on the hotspot architectures. Hanging on the buildds. * Re-enable the jexec patch, program logic confused by running jexec outside the assumed java home. Closes: #731961. * Don't apply the s390 patches on s390x. s390 is successfully dead. * Fix zero builds on little endian architectures, taken from the trunk. -- Matthias Klose Thu, 12 Dec 2013 18:24:44 +0100 openjdk-7 (7u45-2.4.3-1) unstable; urgency=medium * IcedTea7 2.4.3 release. * Security fixes: - S8006900, CVE-2013-3829: Add new date/time capability. - S8008589: Better MBean permission validation. - S8011071, CVE-2013-5780: Better crypto provider handling. - S8011081, CVE-2013-5772: Improve jhat. - S8011157, CVE-2013-5814: Improve CORBA portablility. - S8012071, CVE-2013-5790: Better Building of Beans. - S8012147: Improve tool support. - S8012277: CVE-2013-5849: Improve AWT DataFlavor. - S8012425, CVE-2013-5802: Transform TransformerFactory. - S8013503, CVE-2013-5851: Improve stream factories. - S8013506: Better Pack200 data handling. - S8013510, CVE-2013-5809: Augment image writing code. - S8013514: Improve stability of cmap class. - S8013739, CVE-2013-5817: Better LDAP resource management. - S8013744, CVE-2013-5783: Better tabling for AWT. - S8014085: Better serialization support in JMX classes. - S8014093, CVE-2013-5782: Improve parsing of images. - S8014098: Better profile validation. - S8014102, CVE-2013-5778: Improve image conversion. - S8014341, CVE-2013-5803: Better service from Kerberos servers. - S8014349, CVE-2013-5840: (cl) Class.getDeclaredClass problematic in some class loader configurations. - S8014530, CVE-2013-5825: Better digital signature processing. - S8014534: Better profiling support. - S8014987, CVE-2013-5842: Augment serialization handling. - S8015614: Update build settings. - S8015731: Subject java.security.auth.subject to improvements. - S8015743, CVE-2013-5774: Address internet addresses. - S8016256: Make finalization final. - S8016653, CVE-2013-5804: javadoc should ignore ignoreable characters in names. - S8016675, CVE-2013-5797: Make Javadoc pages more robust. - S8017196, CVE-2013-5850: Ensure Proxies are handled appropriately. - S8017287, CVE-2013-5829: Better resource disposal. - S8017291, CVE-2013-5830: Cast Proxies Aside. - S8017298, CVE-2013-4002: Better XML support. - S8017300, CVE-2013-5784: Improve Interface Implementation. - S8017505, CVE-2013-5820: Better Client Service. - S8019292: Better Attribute Value Exceptions. - S8019617: Better view of objects. - S8020293: JVM crash. - S8021275, CVE-2013-5805: Better screening for ScreenMenu. - S8021282, CVE-2013-5806: Better recycling of object instances. - S8021286: Improve MacOS resourcing. - S8021290, CVE-2013-5823: Better signature validation. - S8022931, CVE-2013-5800: Enhance Kerberos exceptions. - S8022940: Enhance CORBA translations. - S8023683: Enhance class file parsing. * Fix build failure on mips* (Aurelien Jarno). Closes: #729448). * Run autoreconf. Closes: #724083. * Merge the -jre-lib package into -jre-headless. Simplifies the packaging and the savings were not as big as wanted, because the rt.jar is still architecture dependant. Closes: #641049, #722510. -- Matthias Klose Sun, 08 Dec 2013 23:22:06 +0100 openjdk-7 (7u25-2.3.12-4ubuntu3) saucy; urgency=low * Apply missing patch to fix arm64/AArch64 detection. -- Matthias Klose Fri, 11 Oct 2013 17:51:33 +0200 openjdk-7 (7u25-2.3.12-4ubuntu2) saucy; urgency=low * openjdk-jre-headless: Loosen the dependency on -jre-lib. -- Matthias Klose Wed, 09 Oct 2013 16:29:15 +0200 openjdk-7 (7u25-2.3.12-4ubuntu1) saucy; urgency=low * Regenerate the control file. -- Matthias Klose Fri, 16 Aug 2013 12:09:47 +0200 openjdk-7 (7u25-2.3.12-4) unstable; urgency=low * Add the hotspot patches for AArch64, which apparently were not included in the IcedTea release by intent. * Don't interpret arm64 as an ARM architecture, but as AArch64. So much for Debian calling this port arm64 ... * Use host macros instead of build macros for corba and hotspot config. * Re-add multiarch library directories to the default library path. Closes: #712567. * Enable the two-stage build on alpha. Closes: #719671. * Build for powerpcspe (Roland Stigge). Closes: #712686. * Recommend fonts-dejavu-extra instead of ttf-dejavu-extra for current releases. Closes: #718839. -- Matthias Klose Thu, 15 Aug 2013 21:26:51 +0200 openjdk-7 (7u25-2.3.12-3) unstable; urgency=low * Fix kFreeBSD builds (Thanks to Christoph Egger for his help). -- Damien Raude-Morvan Mon, 12 Aug 2013 00:39:41 +0200 openjdk-7 (7u25-2.3.12-2) unstable; urgency=low [ Matthias Klose ] * Regenerate the hotspot-s390 patch. [ Damien Raude-Morvan ] * Update kfreebsd patches. -- Matthias Klose Sat, 03 Aug 2013 20:22:41 +0200 openjdk-7 (7u25-2.3.12-1) unstable; urgency=low * IcedTea7 2.3.12 release. * Don't build with pulseaudio on arm64. * Disable bootstraped build on s390 and sparc. -- Matthias Klose Fri, 02 Aug 2013 15:55:01 +0200 openjdk-7 (7u25-2.3.10-2ubuntu1) saucy; urgency=low * Regenerate the control file. -- Matthias Klose Mon, 15 Jul 2013 23:59:45 +0200 openjdk-7 (7u25-2.3.10-2) unstable; urgency=low [ Matthias Klose ] * Fix gcj-jdk build dependency on ia64 and s390. * Build zero on arm64. [ Gianfranco Costamagna ] * Fix build failure on kfreebsd (Closes: #714528) -- Matthias Klose Sun, 30 Jun 2013 17:12:28 +0200 openjdk-7 (7u25-2.3.10-1) unstable; urgency=high * IcedTea7 2.3.10 release. * Security fixes * S6741606, CVE-2013-2407: Integrate Apache Santuario. * S7158805, CVE-2013-2445: Better rewriting of nested subroutine calls. * S7170730, CVE-2013-2451: Improve Windows network stack support. * S8000638, CVE-2013-2450: Improve deserialization. * S8000642, CVE-2013-2446: Better handling of objects for transportation. * S8001032: Restrict object access. * S8001033, CVE-2013-2452: Refactor network address handling in virtual machine identifiers. * S8001034, CVE-2013-1500: Memory management improvements. * S8001038, CVE-2013-2444: Resourcefully handle resources. * S8001043: Clarify definition restrictions. * S8001308: Update display of applet windows. * S8001309: Better handling of annotation interfaces. * S8001318, CVE-2013-2447: Socket.getLocalAddress not consistent with InetAddress.getLocalHost. * S8001330, CVE-2013-2443: Improve on checking order (non-Zero builds only). * S8003703, CVE-2013-2412: Update RMI connection dialog box. * S8004288, CVE-2013-2449: (fs) Files.probeContentType problems. * S8004584: Augment applet contextualization. * S8005007: Better glyph processing. * S8006328, CVE-2013-2448: Improve robustness of sound classes. * S8006611: Improve scripting. * S8007467: Improve robustness of JMX internal APIs. * S8007471: Improve MBean notifications. * S8007812, CVE-2013-2455: (reflect) Class.getEnclosingMethod problematic for some classes. * S8007925: Improve cmsStageAllocLabV2ToV4curves. * S8007926: Improve cmsPipelineDup. * S8007927: Improve cmsAllocProfileSequenceDescription. * S8007929: Improve CurvesAlloc. * S8008120, CVE-2013-2457: Improve JMX class checking. * S8008124, CVE-2013-2453: Better compliance testing. * S8008128: Better API coherence for JMX. * S8008132, CVE-2013-2456: Better serialization support. * S8008585: Better JMX data handling. * S8008593: Better URLClassLoader resource management. * S8008603: Improve provision of JMX providers. * S8008607: Better input checking in JMX. * S8008611: Better handling of annotations in JMX. * S8008615: Improve robustness of JMX internal APIs. * S8008623: Better handling of MBeanServers. * S8008744, CVE-2013-2407: Rework part of fix for JDK-6741606. * S8008982: Adjust JMX for underlying interface changes. * S8009004: Better implementation of RMI connections. * S8009008: Better manage management-api. * S8009013: Better handling of T2K glyphs. * S8009034: Improve resulting notifications in JMX. * S8009038: Improve JMX notification support. * S8009057, CVE-2013-2448: Improve MIDI event handling. * S8009067: Improve storing keys in KeyStore. * S8009071, CVE-2013-2459: Improve shape handling. * S8009235: Improve handling of TSA data. * S8009424, CVE-2013-2458: Adapt Nashorn to JSR-292 implementation change. * S8009554, CVE-2013-2454: Improve SerialJavaObject.getFields. * S8009654: Improve stability of cmsnamed. * S8010209, CVE-2013-2460: Better provision of factories. * S8011243, CVE-2013-2470: Improve ImagingLib. * S8011248, CVE-2013-2471: Better Component Rasters. * S8011253, CVE-2013-2472: Better Short Component Rasters. * S8011257, CVE-2013-2473: Better Byte Component Rasters. * S8012375, CVE-2013-1571: Improve Javadoc framing. * S8012421: Better positioning of PairPositioning. * S8012438, CVE-2013-2463: Better image validation. * S8012597, CVE-2013-2465: Better image channel verification. * S8012601, CVE-2013-2469: Better validation of image layouts. * S8014281, CVE-2013-2461: Better checking of XML signature. * S8015997: Additional improvement in Javadoc framing. * Breaks icedtea-netx (<< 1.4-2). -- Matthias Klose Fri, 28 Jun 2013 16:55:32 +0200 openjdk-7 (7u21-2.3.9-5) unstable; urgency=low * Update kFreeBSD support (Guido Guenther). Closes: #708818. * Stop building the transitional cacao package for sid. -- Matthias Klose Sat, 18 May 2013 20:13:33 +0200 openjdk-7 (7u21-2.3.9-4) unstable; urgency=high * Build the transitional cacao package for sid as well. Apparently some buildds are not updated to list wheezy as the code name for the current distribution. -- Matthias Klose Thu, 02 May 2013 03:27:44 +0200 openjdk-7 (7u21-2.3.9-3) unstable; urgency=high * Disable the cacao build again, causing build failures on i386 and s390. * Build a transitional cacao jre package instead. -- Matthias Klose Tue, 30 Apr 2013 00:27:05 +0200 openjdk-7 (7u21-2.3.9-2) unstable; urgency=high * On ia64, use gcj-4.7 for the bootstrap build. * Drop the cacao jre from recommends to suggests. * Re-enable cacao, was enabled in the 2.1.x series. -- Matthias Klose Sat, 27 Apr 2013 01:17:16 +0200 openjdk-7 (7u21-2.3.9-1) unstable; urgency=high * IcedTea7 2.3.9 release. * Security fixes: - S6657673, CVE-2013-1518: Issues with JAXP. - S7200507: Refactor Introspector internals. - S8000724, CVE-2013-2417: Improve networking serialization. - S8001031, CVE-2013-2419: Better font processing. - S8001040, CVE-2013-1537: Rework RMI model. - S8001322: Refactor deserialization. - S8001329, CVE-2013-1557: Augment RMI logging. - S8003335: Better handling of Finalizer thread. - S8003445: Adjust JAX-WS to focus on API. - S8003543, CVE-2013-2415: Improve processing of MTOM attachments. - S8004261: Improve input validation. - S8004336, CVE-2013-2431: Better handling of method handle intrinsic frames. - S8004986, CVE-2013-2383: Better handling of glyph table. - S8004987, CVE-2013-2384: Improve font layout. - S8004994, CVE-2013-1569: Improve checking of glyph table. - S8005432: Update access to JAX-WS. - S8005943: (process) Improved Runtime.exec. - S8006309: More reliable control panel operation. - S8006435, CVE-2013-2424: Improvements in JMX. - S8006790: Improve checking for windows. - S8006795: Improve font warning messages. - S8007406: Improve accessibility of AccessBridge. - S8007617, CVE-2013-2420: Better validation of images. - S8007667, CVE-2013-2430: Better image reading. - S8007918, CVE-2013-2429: Better image writing. - S8008140: Better method handle resolution. - S8009049, CVE-2013-2436: Better method handle binding. - S8009063, CVE-2013-2426: Improve reliability of ConcurrentHashMap. - S8009305, CVE-2013-0401: Improve AWT data transfer. - S8009677, CVE-2013-2423: Better setting of setters. - S8009699, CVE-2013-2421: Methodhandle lookup. - S8009814, CVE-2013-1488: Better driver management. - S8009857, CVE-2013-2422: Problem with plugin. * Backports: - S7130662: GTK file dialog crashes with a NPE. * Bug fixes - PR1363: Fedora 19 / rawhide FTBFS SIGILL. - PR1401: Fix Zero build on 2.3.8. - Fix offset problem in ICU LETableReference. - Change -Werror fix to preserve OpenJDK default. - PR1303: Correct #ifdef to #if. - PR1404: Failure to bootstrap with ecj 4.2. -- Matthias Klose Mon, 22 Apr 2013 03:27:08 +0200 openjdk-7 (7u17-2.3.8-2) experimental; urgency=low * Remove Torsten Werner as uploader. -- Matthias Klose Mon, 01 Apr 2013 00:39:58 +0200 openjdk-7 (7u17-2.3.8-1ubuntu1) raring; urgency=low * Regenerate the control file. -- Matthias Klose Sun, 31 Mar 2013 20:10:05 +0200 openjdk-7 (7u17-2.3.8-1) experimental; urgency=low * IcedTea7 2.3.8 release. * Security fixes: - S8007014, CVE-2013-0809: Improve image handling. - S8007675, CVE-2013-1493: Improve color conversion. * Backports: - S8002344: Krb5LoginModule config class does not return proper KDC list from DNS. - S8004344: Fix a crash in ToolkitErrorHandler() in XlibWrapper.c. - S8006179: JSR292 MethodHandles lookup with interface using findVirtual(). - S8006882: Proxy generated classes in sun.proxy package breaks JMockit. * Bug fixes: - PR1303: Correct #ifdef to #if. - PR1340: Simplify the rhino class rewriter to avoid use of concurrency. - Revert 7017193 and add the missing free call, until a better fix is ready. -- Matthias Klose Sun, 31 Mar 2013 14:31:11 +0200 openjdk-7 (7u15-2.3.7-1ubuntu2) raring; urgency=low * Security fixes: - S8007014, CVE-2013-0809: Improve image handling - S8007675, CVE-2013-1493: Improve color conversion - debian/rules: updated to add 8007014.patch and 8007675.patch -- Jamie Strandboge Wed, 06 Mar 2013 14:12:03 -0600 openjdk-7 (7u15-2.3.7-1ubuntu1) raring; urgency=low * Regenerate the control file. -- Matthias Klose Wed, 20 Feb 2013 23:59:54 +0100 openjdk-7 (7u15-2.3.7-1) experimental; urgency=low * IcedTea7 2.3.7 release. * Security fixes: - S8004937, CVE-2013-1484: Improve proxy construction. - S8006439, CVE-2013-1485: Improve MethodHandles coverage. - S8006446, CVE-2013-1486: Restrict MBeanServer access. - S8006777, CVE-2013-0169: Improve TLS handling of invalid messages. - S8007688: Blacklist known bad certificate. * Backports: - S8007393: Possible race condition after JDK-6664509. - S8007611: logging behavior in applet changed. * For zero builds, use the same hotspot version as in 2.1.6. * Reenable bootstrap builds, except for alpha. * Explicitly disable building on mips/mipsel. Not supported by the Debian OpenJDK maintainers, the Debian mips porters, or the Debian Java team. -- Matthias Klose Wed, 20 Feb 2013 23:33:58 +0100 openjdk-7 (7u13-2.3.6-1) experimental; urgency=low * IcedTea7 2.3.6 release. - Disable bootstrap builds, currently broken in IcedTea. * Security fixes: - S6563318, CVE-2013-0424: RMI data sanitization. - S6664509, CVE-2013-0425: Add logging context. - S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time. - S6776941: CVE-2013-0427: Improve thread pool shutdown. - S7141694, CVE-2013-0429: Improving CORBA internals. - S7173145: Improve in-memory representation of splashscreens. - S7186945: Unpack200 improvement. - S7186946: Refine unpacker resource usage. - S7186948: Improve Swing data validation. - S7186952, CVE-2013-0432: Improve clipboard access. - S7186954: Improve connection performance. - S7186957: Improve Pack200 data validation. - S7192392, CVE-2013-0443: Better validation of client keys. - S7192393, CVE-2013-0440: Better Checking of order of TLS Messages. - S7192977, CVE-2013-0442: Issue in toolkit thread. - S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective proxies. - S7200491: Tighten up JTable layout code. - S7200500: Launcher better input validation. - S7201064: Better dialogue checking. - S7201066, CVE-2013-0441: Change modifiers on unused fields. - S7201068, CVE-2013-0435: Better handling of UI elements. - S7201070: Serialization to conform to protocol. - S7201071, CVE-2013-0433: InetSocketAddress serialization issue. - S8000210: Improve JarFile code quality. - S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class. - S8000540, CVE-2013-1475: Improve IIOP type reuse management. - S8000631, CVE-2013-1476: Restrict access to class constructor. - S8001235, CVE-2013-0434: Improve JAXP HTTP handling. - S8001242: Improve RMI HTTP conformance. - S8001307: Modify ACC_SUPER behavior. - S8001972, CVE-2013-1478: Improve image processing. - S8002325, CVE-2013-1480: Improve management of images. * Fix font suggestion for indic fonts in wheezy. * Fix fontconfig definitions for japanese and korean fonts, fixing compilation of the fontconfig file. * Add Built-Using: rhino attribute for the -lib package. * Don't use concurrent features to rewrite the rhino jar file. * Enable class data sharing for the hotspot server VM. -- Matthias Klose Tue, 12 Feb 2013 20:59:48 +0100 openjdk-7 (7u9-2.3.4-1) experimental; urgency=low * IcedTea7 2.3.4 release. * Security fixes - S8004933, CVE-2012-3174: Improve MethodHandle interaction with libraries. - S8006017, CVE-2013-0422: Improve lookup resolutions. - S8006125: Update MethodHandles library interactions. * Bug fixes - S7197906: BlockOffsetArray::power_to_cards_back() needs to handle > 32 bit shifts. - G422525: Fix building with PaX enabled kernels. [ Matthias Klose ] * Loosen OpenGL dependency. Closes: #695028. * Fix error parsing drop files parameter from pcmanfm (Alberto Fernández Martínez). Closes: #695992. [ Thorsten Glaser ] * debian/rules: Use gcj-4.6-jdk for m68k builds. * d/patches/text-relocations.patch: build with -fPIC on all archs. -- Matthias Klose Tue, 15 Jan 2013 23:38:48 +0100 openjdk-7 (7u9-2.3.3-1) experimental; urgency=low * Upload to experimental. -- Matthias Klose Wed, 17 Oct 2012 15:16:51 +0200 openjdk-7 (7u9-2.3.3-0ubuntu1) quantal-security; urgency=low * IcedTea7 2.3.3 release. * Security fixes - S6631398, CVE-2012-3216: FilePermission improved path checking. - S7093490: adjust package access in rmiregistry. - S7143535, CVE-2012-5068: ScriptEngine corrected permissions. - S7158796, CVE-2012-5070: Tighten properties checking in EnvHelp. - S7158807: Revise stack management with volatile call sites. - S7163198, CVE-2012-5076: Tightened package accessibility. - S7167656, CVE-2012-5077: Multiple Seeders are being created. - S7169884, CVE-2012-5073: LogManager checks do not work correctly for sub-types. - S7169887, CVE-2012-5074: Tightened package accessibility. - S7169888, CVE-2012-5075: Narrowing resource definitions in JMX RMI connector. - S7172522, CVE-2012-5072: Improve DomainCombiner checking. - S7186286, CVE-2012-5081: TLS implementation to better adhere to RFC. - S7189103, CVE-2012-5069: Executors needs to maintain state. - S7189490: More improvements to DomainCombiner checking. - S7189567, CVE-2012-5085: java net obselete protocol. - S7192975, CVE-2012-5071: Issue with JMX reflection. - S7195194, CVE-2012-5084: Better data validation for Swing. - S7195549, CVE-2012-5087: Better bean object persistence. - S7195917, CVE-2012-5086: XMLDecoder parsing at close-time should be improved. - S7195919, CVE-2012-5979: (sl) ServiceLoader can throw CCE without needing to create instance. - S7196190, CVE-2012-5088: Improve method of handling MethodHandles. - S7198296, CVE-2012-5089: Refactor classloader usage. - S7158800: Improve storage of symbol tables. - S7158801: Improve VM CompileOnly option. - S7158804: Improve config file parsing. - S7198606, CVE-2012-4416: Improve VM optimization. -- Matthias Klose Wed, 17 Oct 2012 13:27:47 +0200 openjdk-7 (7u7-2.3.2a-1ubuntu1) quantal; urgency=low * Build a transitional icedtea-7-jre-cacao package to ease upgrades. -- Matthias Klose Wed, 19 Sep 2012 17:42:39 +0200 openjdk-7 (7u7-2.3.2a-1) experimental; urgency=low * Upload to experimental. -- Matthias Klose Sat, 15 Sep 2012 22:20:06 +0200 openjdk-7 (7u7-2.3.2a-0ubuntu1) quantal; urgency=low * Repackage the source to drop the cacao tarball (and packaging files). * Depend again on system provided tzdata-java and restore the zi symlink on upgrade. LP: #1050404. * libgnome2-0, libgnomevfs2-0, libgconf2-4 are not prepared for multiarch. Don't depend on these so that openjdk-7 can be installed as a multiarch package. -- Matthias Klose Sat, 15 Sep 2012 17:01:12 +0200 openjdk-7 (7u7-2.3.2-1ubuntu2) quantal; urgency=low * Make the avian VM a known runtime. -- Matthias Klose Wed, 05 Sep 2012 11:58:35 +0200 openjdk-7 (7u7-2.3.2-1ubuntu1) quantal; urgency=low * Fix 32bit hotspot build, don't set maximal heap space lower than minimal heap space for the docs build. * d/p/sane-library-paths.patch, d/p/ant-diagnostics.diff, d/p/fix-race-cond-print.diff, d/p/gcc-hotspot-opt-O[02].diff, d/p/gcc-mtune-generic.diff, d/p/openjdk-6986968.diff: Remove, not used. * Remove unused shark/llvm-3.0 patches. * d/p/zero-only-use-floating-point-if-floating-poi.patch: Remove, applied upstream. * Don't explicitly build with -march=i586 on i386 architectures. * Re-apply zero-missing-headers.diff. * Disable cacao builds, needs update for 7u7. * For Ubuntu quantal, set priorities for alternatives higher than for OpenJDK 6. * Call update-alternatives when the existing priority for the alternative is lower than the current one. * Configure with --disable-downloading. * Pass -avoid-version to libtool to create a JamVM libjvm.so without SONAME version numbers to match the Hotspot Server/Client libjvm.so. LP: #850433. * Revert the following change: Move libgnome2-0, libgnomevfs2-0, libgconf2-4 from Depends of JRE package to Recommends (#661465). The proper fix is to create a -jdk-headless package, or not depending on these gnome packages at all (e.g. using XDG libraries). -- Matthias Klose Tue, 04 Sep 2012 12:08:31 +0200 openjdk-7 (7u7-2.3.2-1) experimental; urgency=low * New upstream IcedTea7 2.3.2 release. * Security fixes: - CVE-2012-4681: Reintroduce PackageAccessible checks removed in 6788531. - S7079902, CVE-2012-1711: Refine CORBA data models. - S7143606, CVE-2012-1717: File.createTempFile should be improved for temporary files created by the platform. - S7143614, CVE-2012-1716: SynthLookAndFeel stability improvement. - S7143617, CVE-2012-1713: Improve fontmanager layout lookup operations. - S7143851, CVE-2012-1719: Improve IIOP stub and tie generation in RMIC. - S7143872, CVE-2012-1718: Improve certificate extension processing. - S7152811, CVE-2012-1723: Issues in client compiler. - S7157609, CVE-2012-1724: Issues with loop. - S7160757, CVE-2012-1725: Problem with hotspot/runtime_classfile. - S7165628, CVE-2012-1726: Issues with java.lang.invoke.MethodHandles.Lookup. * Bump version to 7u7 (OpenJDK), 2.3.2 (IcedTea). Closes: #685276. * d/p/icedtea7-forest-jdk_7104625-XEvent_wrap_logging_calls_with_if.patch, d/p/hotspot-sparc.diff: Remove, integrated upstream. * d/p/{deb-multiarch,fix_extra_flags,hotspot-no-werror}.diff: Add variants for hotspot and zero builds. * d/p/default-jvm-cfg.diff, d/p/icedtea-4953367.patch, d/p/icedtea-patch.diff, d/p/icedtea-pretend-memory.diff, d/p/libpcsclite-dlopen.diff, d/p/nonreparenting-wm.diff: Update for 2.3.2. * Remove build support for Ubuntu releases earlier than hardy. * d/update-shasum.sh: Only update the shasums of the -dfsg tarballs. * Don't apply shark patches (not built anyway). -- Matthias Klose Sat, 01 Sep 2012 11:46:50 +0200 openjdk-7 (7u3-2.1.7-1) unstable; urgency=high * IcedTea7 2.1.7 release: * Security fixes: - S8007014, CVE-2013-0809: Improve image handling. - S8007675, CVE-2013-1493: Improve color conversion. * Backports: - S8002344: Krb5LoginModule config class does not return proper KDC list from DNS. - S8004344: Fix a crash in ToolkitErrorHandler() in XlibWrapper.c. - S8006179: JSR292 MethodHandles lookup with interface using findVirtual(). - S8006882: Proxy generated classes in sun.proxy package breaks JMockit. * Bug fixes: - PR1303: Correct #ifdef to #if - Stop libraries being stripped in the OpenJDK build. - PR1340: Simplify the rhino class rewriter to avoid use of concurrency. - Revert 7017193 and add the missing free call, until a better fix is ready. -- Matthias Klose Sat, 30 Mar 2013 11:31:12 +0100 openjdk-7 (7u3-2.1.6-1) unstable; urgency=high * IcedTea7 2.1.5 release: * Security fixes: - S6563318, CVE-2013-0424: RMI data sanitization. - S6664509, CVE-2013-0425: Add logging context. - S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time. - S6776941: CVE-2013-0427: Improve thread pool shutdown. - S7141694, CVE-2013-0429: Improving CORBA internals. - S7173145: Improve in-memory representation of splashscreens. - S7186945: Unpack200 improvement. - S7186946: Refine unpacker resource usage. - S7186948: Improve Swing data validation. - S7186952, CVE-2013-0432: Improve clipboard access. - S7186954: Improve connection performance. - S7186957: Improve Pack200 data validation. - S7192392, CVE-2013-0443: Better validation of client keys. - S7192393, CVE-2013-0440: Better Checking of order of TLS Messages. - S7192977, CVE-2013-0442: Issue in toolkit thread. - S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective proxies. - S7200491: Tighten up JTable layout code. - S7200493, CVE-2013-0444: Improve cache handling. - S7200499: Better data validation for options. - S7200500: Launcher better input validation. - S7201064: Better dialogue checking. - S7201066, CVE-2013-0441: Change modifiers on unused fields. - S7201068, CVE-2013-0435: Better handling of UI elements. - S7201070: Serialization to conform to protocol. - S7201071, CVE-2013-0433: InetSocketAddress serialization issue. - S8000210: Improve JarFile code quality. - S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class. - S8000539, CVE-2013-0431: Introspect JMX data handling. - S8000540, CVE-2013-1475: Improve IIOP type reuse management. - S8000631, CVE-2013-1476: Restrict access to class constructor. - S8001235, CVE-2013-0434: Improve JAXP HTTP handling. - S8001242: Improve RMI HTTP conformance. - S8001307: Modify ACC_SUPER behavior. - S8001972, CVE-2013-1478: Improve image processing. - S8002325, CVE-2013-1480: Improve management of images. * Backports: - S7054590: (JSR-292) MethodHandleProxies.asInterfaceInstance() accepts private/protected nested interfaces. - S7175616: Port fix for TimeZone from JDK 8 to JDK 7. - S8002068: Build broken: corba code changes unable to use new JDK 7 classes. - S8004341: Two JCK tests fails with 7u11 b06. - S8005615: Java Logger fails to load tomcat logger implementation (JULI). * IcedTea7 2.1.6 release: * Security fixes: - S8004937, CVE-2013-1484: Improve proxy construction. - S8006439, CVE-2013-1485: Improve MethodHandles coverage. - S8006446, CVE-2013-1486: Restrict MBeanServer access. - S8006777, CVE-2013-0169: Improve TLS handling of invalid messages. - S8007688: Blacklist known bad certificate. * Backports: - S7123519: problems with certification path. - S8007393: Possible race condition after JDK-6664509. - S8007611: logging behavior in applet changed. * Fix font suggestion for indic fonts in wheezy. * Fix fontconfig definitions for japanese and korean fonts, fixing compilation of the fontconfig file. * Add Built-Using: rhino attribute for the -lib package. * Don't use concurrent features to rewrite the rhino jar file. * Enable class data sharing for the hotspot server VM. * Enable bootstrap builds for alpha. * Explicitly disable building on mips/mipsel. Not supported by the Debian OpenJDK maintainers, the Debian mips porters, or the Debian Java team. -- Matthias Klose Thu, 21 Feb 2013 03:38:13 +0100 openjdk-7 (7u3-2.1.4-1) unstable; urgency=low * IcedTea7 2.1.4 release. * Security fixes - S8004933, CVE-2012-3174: Improve MethodHandle interaction with libraries - S8006017, CVE-2013-0422: Improve lookup resolutions - S8006125: Update MethodHandles library interactions * Loosen OpenGL dependency. Closes: #695028. * Fix error parsing drop files parameter from pcmanfm (Alberto Fernández Martínez). Closes: #695992. -- Matthias Klose Wed, 16 Jan 2013 11:46:20 +0100 openjdk-7 (7u3-2.1.3-1) unstable; urgency=low * IcedTea7 2.1.3 release. * Security fixes - S6631398, CVE-2012-3216: FilePermission improved path checking. - S7093490: adjust package access in rmiregistry. - S7143535, CVE-2012-5068: ScriptEngine corrected permissions. - S7158796, CVE-2012-5070: Tighten properties checking in EnvHelp. - S7158807: Revise stack management with volatile call sites. - S7163198, CVE-2012-5076: Tightened package accessibility. - S7167656, CVE-2012-5077: Multiple Seeders are being created. - S7169884, CVE-2012-5073: LogManager checks do not work correctly for sub-types. - S7169887, CVE-2012-5074: Tightened package accessibility. - S7169888, CVE-2012-5075: Narrowing resource definitions in JMX RMI connector. - S7172522, CVE-2012-5072: Improve DomainCombiner checking. - S7186286, CVE-2012-5081: TLS implementation to better adhere to RFC. - S7189103, CVE-2012-5069: Executors needs to maintain state. - S7189490: More improvements to DomainCombiner checking. - S7189567, CVE-2012-5085: java net obselete protocol. - S7192975, CVE-2012-5071: Issue with JMX reflection. - S7195194, CVE-2012-5084: Better data validation for Swing. - S7195549, CVE-2012-5087: Better bean object persistence. - S7195917, CVE-2012-5086: XMLDecoder parsing at close-time should be improved. - S7195919, CVE-2012-5979: (sl) ServiceLoader can throw CCE without needing to create instance. - S7196190, CVE-2012-5088: Improve method of handling MethodHandles. - S7198296, CVE-2012-5089: Refactor classloader usage. - S7158801: Improve VM CompileOnly option. - S7158804: Improve config file parsing. - S7198606, CVE-2012-4416: Improve VM optimization. * Backports - S7175845: "jar uf" changes file permissions unexpectedly. - S7177216: native2ascii changes file permissions of input file. - S7106773: 512 bits RSA key cannot work with SHA384 and SHA512. - S7158800: Improve storage of symbol tables. -- Matthias Klose Wed, 17 Oct 2012 16:03:47 +0200 openjdk-7 (7u3-2.1.2-2ubuntu1) precise-security; urgency=low * Make the avian VM a known runtime. -- Matthias Klose Sat, 08 Sep 2012 16:01:31 +0200 openjdk-7 (7u3-2.1.2-2) unstable; urgency=high * Pass -avoid-version to libtool to create a JamVM libjvm.so without SONAME version numbers to match the Hotspot Server/Client libjvm.so. LP: #850433. -- Matthias Klose Tue, 04 Sep 2012 17:55:43 +0200 openjdk-7 (7u3-2.1.2-1) unstable; urgency=high * IcedTea7 2.1.2 release. * Security fixes - CVE-2012-4681, S7162473: Reintroduce PackageAccessible checks removed in 6788531. - S7162476, CVE-2012-1682: XMLDecoder security issue via ClassFinder. - S7194567, CVE-2012-3136: Improve long term persistence of java.beans objects. - S7163201, CVE-2012-0547: Simplify toolkit internals references. * d/p/hotspot-sparc.diff: Remove, integrated upstream. * Stop running the mauve tests. -- Matthias Klose Mon, 03 Sep 2012 23:17:11 +0200 openjdk-7 (7~u3-2.1.1-3) unstable; urgency=low * d/rules: Ensure we don't remove -02 (default) when -03 is disabled (fix jamvm FTBFS on armhf without -02). * d/patches/gcc-jdk-opt-O0.diff, d/patches/gcc-jdk-opt-O2.diff, d/patches/gcc-no-hardening.diff, d/patches/gcc-opt-O2.diff: removed. -- Damien Raude-Morvan Wed, 25 Jul 2012 21:18:15 +0200 openjdk-7 (7~u3-2.1.1-2) unstable; urgency=low * d/rules: On Debian Wheezy/Sid bump Build-Depends on libnss3-dev (>= 2:3.13.4) and Depends on libnss3 (>= 2:3.13.4) (ie. with epoch). (Closes: #679465). * d/control: Suggests icedtea-7-plugin instead of icedtea6-plugin (Closes: #680284). * d/patches/7130140-MouseEvent-systemout.diff: Remove "MEvent. CASE!" from console output. (Closes: #679036). * Disable -O3 compile: cause wrong Math.* computations. (Closes: #679292 and Closes: #678228). LP: #1044857. * debian/patches/FreetypeFontScaler_getFontMetricsNative.diff: Fix "OpenJDK returns the text height greater than font size". (Closes: #657854) -- Damien Raude-Morvan Sat, 30 Jun 2012 18:17:51 +0200 openjdk-7 (7~u3-2.1.1-1) unstable; urgency=medium * New upstream release with security fixes (Closes: #677486): - S7079902, CVE-2012-1711: Refine CORBA data models - S7110720: Issue with vm config file loadingIssue with vm config file loading - S7143606, CVE-2012-1717: File.createTempFile should be improved for temporary files created by the platform. - S7143614, CVE-2012-1716: SynthLookAndFeel stability improvement - S7143617, CVE-2012-1713: Improve fontmanager layout lookup operations - S7143851, CVE-2012-1719: Improve IIOP stub and tie generation in RMIC - S7143872, CVE-2012-1718: Improve certificate extension processing - S7145239: Finetune package definition restriction - S7152811, CVE-2012-1723: Issues in client compiler - S7157609, CVE-2012-1724: Issues with loop - S7160677: missing else in fix for 7152811 - S7160757, CVE-2012-1725: Problem with hotspot/runtime_classfile - S7165628, CVE-2012-1726: Issues with java.lang.invoke.MethodHandles.Lookup * Patches merged upstream: - debian/patches/arm-thumb-fix.diff - debian/patches/gcc-4.7.diff [ James Page ] * Cherry picked patch from openjdk-6 to fix handling of ICC profiles (LP: #888123, #888129) (Closes: #676351). [ Damien Raude-Morvan ] * Move libgnome2-0, libgnomevfs2-0, libgconf2-4 from Depends of JRE package to Recommends (Closes: #661465). * New jni_md_h_JNIEXPORT_visibility.patch to allow JNIEXPORT definition to work with -fvisibility=hidden. (Closes: #670896). -- Damien Raude-Morvan Mon, 11 Jun 2012 21:01:10 +0200 openjdk-7 (7~u3-2.1.1~pre1-2) unstable; urgency=low * Don't mark the -demo package as Multi-Arch same. Closes: #670038. * Build using gcc-4.4 on mips, mipsel. * Build again with older gcj version on s390 (4.6). -- Matthias Klose Thu, 03 May 2012 10:44:20 +0200 openjdk-7 (7~u3-2.1.1~pre1-1ubuntu3) precise-proposed; urgency=low * Default to the ARM assembler interpreter instead to JamVM on ARM. LP: #993380. -- Matthias Klose Wed, 02 May 2012 17:58:20 +0200 openjdk-7 (7~u3-2.1.1~pre1-1ubuntu2) precise; urgency=low * Use the /usr/bin path for the policytool desktop file. LP: #980205. Closes: #670037. -- Matthias Klose Thu, 12 Apr 2012 23:29:06 +0200 openjdk-7 (7~u3-2.1.1~pre1-1ubuntu1) precise; urgency=low * Regenerate the control file. -- Matthias Klose Wed, 11 Apr 2012 07:21:41 +0200 openjdk-7 (7~u3-2.1.1~pre1-1) unstable; urgency=low * Update from the IcedTea7-2.1 release branch (20110410). * Install desktop files again, using the common /usr/bin/java interpreter name. * Build-depend on libpng-dev for newer releases. Closes: #662452. * Let dlopen handle finding the libpcsclite library. LP: #898689. * Build-depend on fonts-ipafont-mincho, fixing a build failure in the fontconfig compiler (find out why it breaks ...). * Build using gcc-4.7/gcj-4.7 for sid/wheezy, fix build failure. * Remove `-icedtea' suffix from the release identification. * Fix arm thumb build, update taken from IcedTea6. -- Matthias Klose Tue, 10 Apr 2012 14:11:09 +0200 openjdk-7 (7~u3-2.1-4) unstable; urgency=low [ Matthias Klose ] * Don't install the binary fontconfig file. LP: #964303. [ Damien Raude-Morvan ] * Remove libxp-dev check in configure.ac, it's not needed anymore (Closes: #657260) and so drop build dependency on libxp-dev. * Fix FTBFS with glib 2.32 by adding explicit dependency gthread-2.0.pc (Closes: #665666). * Use libpng-dev instead of libpng12-dev for wheezy/sid (Closes: #662453). -- Damien Raude-Morvan Mon, 09 Apr 2012 00:21:20 +0200 openjdk-7 (7~u3-2.1-3) unstable; urgency=low * d/rules,Makefile.am: Improve handling of dpkg-buildflags: don't overwrite CFLAGS of hotspot but use EXTRA_* flags into icedtea and openjdk Makefile. (Closes: #661695). * d/rules: Build everything with -03 opt level (jamvm, cacao and jdk) * d/patches/kfreebsd-support-*.diff: Refresh kfreebsd patches and fix FTBFS on k-i386 (ie. at least on a sid VM). * Backport S7104625 as d/patches/icedtea7-forest-jdk_7104625*.patch to check for logging to prevent wasted CPU (Closes: #651423). -- Damien Raude-Morvan Tue, 06 Mar 2012 01:09:09 +0100 openjdk-7 (7~u3-2.1-2) unstable; urgency=low [ Matthias Klose ] * Use NanumMyeongjo as the preferred korean font. LP: #792471. * Fix crash in java.net.NetworkInterface.getNetworkInterfaces() when ifr_ifindex exceeds 255. LP: #925218. S7078386. * Use IPAfont as the preferred japanesse font. Closes: #646054. * Build using gcj on alpha and armel. Closes: #655750. [ Damien Raude-Morvan ] * d/patches/sparc-stubgenerator.diff: Fix FTBFS on sparc on stubGenerator_sparc.cpp by using explicit class typedef (Closes: #660871). * d/patches/fix_extra_flags.diff: Improve support for hardened build, also send flags to jdk build and send -Wl,-z,relro during hotspot link. * Bump Standards-Version to 3.9.3: no changes needed. * d/control: Don't use nonexistent dlopenjl:Recommends substvar, replaced by dlopenhl:Recommends. * d/*.{prerm,postrm}: Use set -e inside script instead of sh -e shebang. * Cleanup lintian-overrides. -- Damien Raude-Morvan Wed, 29 Feb 2012 00:52:49 +0100 openjdk-7 (7~u3-2.1-1ubuntu2) precise; urgency=low * Make sure that the nss.cfg doesn't mention any library path. LP: #939361, #939419. * Disable the accessibility wrapper, doesn't work yet. LP: #935296. -- Matthias Klose Fri, 24 Feb 2012 15:10:12 +0100 openjdk-7 (7~u3-2.1-1ubuntu1) precise; urgency=low [ Damien Raude-Morvan ] * d/patches/jexec.diff: Dropped, uneeded and not compatible with multi-arch. * d/rules: Use dpkg-buildflags to enable hardened build. (Closes: #660021). [ Matthias Klose ] * Merge r522 from openjdk6: - Make upgrades from non-multiarch to multiarch builds more silent. - Fix order of grant decls in java.policy. - Make doc files multi-arch installable. - JB-archive.applications.in: Use /usr/bin/java by default. Maybe should be moved to the default-jdk package. * Explicitly look for the gthread-2.0 pkgconfig module. -- Matthias Klose Wed, 22 Feb 2012 14:07:16 +0100 openjdk-7 (7~u3-2.1-1) unstable; urgency=low * Update icedtea7 2.1 (OpenJDK7 ~u3 release): - Check for logging to prevent wasted CPU (Closes: #651423). * Fix following security issues: - S7082299, CVE-2011-3571: Fix in AtomicReferenceArray - S7088367, CVE-2011-3563: Fix issues in java sound - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method - S7110687, CVE-2012-0503: Issues with TimeZone class - S7110700, CVE-2012-0505: Enhance exception throwing mechanism in ObjectStreamClass - S7110704, CVE-2012-0506: Issues with some method in corba - S7112642, CVE-2012-0497: Incorrect checking for graphics rendering object - S7118283, CVE-2012-0501: Better input parameter checking in zip file processing - S7126960, CVE-2011-5035: Add property to limit number of request headers to the HTTP Server [ Matthias Klose ] * openjdk-7-jre-lib: Mark as Multi-Arch: foreign. [ Damien Raude-Morvan ] * Merge r501-521 from openjdk6: - Fix plugin name in jinfo file. - Fix build flags for cppInterpreter_arm.o. - Use java-atk-wrapper instead of java-access-bridge for accessibility. - Make the java.policy file multi-arch installable. - Don't install desktop and menu files for multiarch builds. Needs a better solution. - Don't install an alternative for the deprecated apt tool. - Make the upgrade from a non-multiarch installation location more robust; don't depend on version numbers, but check the path of the alternatives. - Disable test for armel and powerpc (broken on buildd) * d/rules: Make symbolic links to src.zip on /usr/lib/jvm/java-7-openjdk-amd64 like openjdk-6-jdk (Closes: #649618). * d/rules: Pass -n to gzip when compressing manpages to be Multi-Arch: same safe. * d/rules: Add build-arch/build-indep target. * d/rules: Re-enable Cacao VM! * d/{rules,control}: Only rhino 1.7R3 is supported by openjdk7, update B-D. * d/patches/hotspot-s390.diff: Update for latest Hotspot. * d/patches/icedtea-patch.diff: Move nssLibraryDirectory handling to d/rules. * d/rules: Remove --with-*-drop-zip options, as code drops are embedded. * d/patches/hsx23-zero.patch, patches/shark-compiler-fixes.patch: Fix FTBFS for Zero under Hotspot >= v22. * d/patches/kfreebsd-*: Refreshed. * d/control: Make openjdk-7-source:all package binNMU-able by using Depends ">=" on openjdk-7-jre (ie. src.zip won't change). -- Damien Raude-Morvan Wed, 15 Feb 2012 20:55:52 +0100 openjdk-7 (7~b147-2.0-1) unstable; urgency=low * New upstream IcedTea7 release. - S7000600, CVE-2011-3547: InputStream skip() information leak. - S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor. - S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow. - S7032417, CVE-2011-3552: excessive default UDP socket limit under SecurityManager. - S7046794, CVE-2011-3553: JAX-WS stack-traces information leak. - S7046823, CVE-2011-3544: missing SecurityManager checks in scripting engine. - S7055902, CVE-2011-3521: IIOP deserialization code execution. - S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress error checks. - S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST). - S7070134, CVE-2011-3558: HotSpot crashes with sigsegv from PorterStemmer. - S7077466, CVE-2011-3556: RMI DGC server remote code execution. - S7083012, CVE-2011-3557: RMI registry privileged code execution. - S7096936, CVE-2011-3560: missing checkSetFactory calls in HttpsURLConnection. [ Matthias Klose ] * Merge debian packaging r501 from openjdk-6: - Tighten inter-package dependencies for Debian builds. Closes: #641240. * Build-depend on wdiff. -- Damien Raude-Morvan Sat, 01 Oct 2011 10:53:15 +0200 openjdk-7 (7~b147-2.0~pre6-2) unstable; urgency=low * d/rules: Fix java.policy to include jre/lib/ext/* files (instead of non-existant ext/*). It'll restore privilegied access from sunpkcs11.jar to sun.* code. * d/patches/s390_hotspot_fix.diff: Update to fix FTBFS on s390. -- Damien Raude-Morvan Sat, 01 Oct 2011 10:53:15 +0200 openjdk-7 (7~b147-2.0~pre6-1) unstable; urgency=low * Update to IcedTea7 (20110928). [ Matthias Klose ] * Merge debian packaging r496 from openjdk-6: - Fix dangling java-1.7.0-openjdk symlink for non-multiarch builds. [ Damien Raude-Morvan ] * d/rules: --disable-compile-against-syscalls for kFreeBSD (since there is no epoll support). * Update patches: - d/patches/sun-awt-buildsystem.diff: Drop, merged upstream. - d/patches/icedtea-override-redirect-compiz.patch: Refresh. - d/patches/s390_hotspot_fix.diff: Extracted (instead of direct patch). * Add Build-Depends on libattr1-dev. -- Damien Raude-Morvan Wed, 28 Sep 2011 17:19:33 +0200 openjdk-7 (7~b147-2.0~pre5-1) unstable; urgency=low * Update to IcedTea7 (20110914). - d/patches/jdk-no-mapfile.diff: Drop, merged in icedtea7-forest (for real this time). - d/patches/sun-awt-buildsystem.diff: Fix icedtea7-forest awt build. * d/patches/kfreebsd-support-jdk.diff: Refresh. * d/patches/icedtea-patch.diff: Remove usage of nssLibraryDirectory because while it works for nss3, it fails for softokn3 (since the latter is in nss/ subdirectory). Without this parameter, openjdk-7 will rely on default ld.so behavior. (Closes: #637337, #638008) In openjdk-6, nssLibraryDirectory was not used to load softokn3 (Secmod). * d/control: openjdk-7-jre Provides java7-runtime, openjdk-7-jre-headless Provides java7-runtime-headless and openjdk-7-jdk Provides java7-jdk. (Closes: #641668). -- Damien Raude-Morvan Mon, 19 Sep 2011 16:33:15 +0200 openjdk-7 (7~b147-2.0~pre4-1) unstable; urgency=low * Update to IcedTea7 (20110906): - JamVM: support for armhf and other various fixes. * Upload to unstable. * Regenerate control file for debian unstable. * Makefile.am: Force JAVA_HOME for ant call to --with-jdk-home value (without this, it defaults to existing JAVA_HOME env or /usr/bin/java link) -- Damien Raude-Morvan Mon, 05 Sep 2011 23:50:43 +0200 openjdk-7 (7~b147-2.0~pre3-3ubuntu2) oneiric; urgency=low * Merge debian packaging r491 from openjdk-6: - Move the -lib files into a different location so that the java-7-openjdk name can be used as a symlink. - Symlink the jre/cmm directory, instead of the files inside. Closes: #639883. -- Matthias Klose Thu, 01 Sep 2011 21:08:45 +0200 openjdk-7 (7~b147-2.0~pre3-3ubuntu1) oneiric; urgency=low * Regenerate the control file. -- Matthias Klose Sun, 28 Aug 2011 23:42:18 +0200 openjdk-7 (7~b147-2.0~pre3-3) experimental; urgency=low * Merge debian packaging r485:489 from openjdk-6: - Build using GCC-4.4 on sparc and sparc64. - Enable testsuite runs in s390x. * Merge debian packaging r490 from openjdk-6: - Set plugin name for the jinfo file. Closes: #638548, - Disable the mauve testsuite on i386. - Make the installation multiarch aware. -- Matthias Klose Sun, 28 Aug 2011 20:42:54 +0200 openjdk-7 (7~b147-2.0~pre3-2) experimental; urgency=low * d/patches/jdk-no-mapfile.diff: Re-add was not merged into current (e46d527097f1) revision but latter. -- Damien Raude-Morvan Mon, 22 Aug 2011 00:11:33 +0200 openjdk-7 (7~b147-2.0~pre3-1) experimental; urgency=low * Update to IcedTea7 (20110821): - JamVM updates. - S7070134,S7044738,S7068051,S7073913: Fix random segfaults and related invalid results from loop unroll optimization. - d/patches/jdk-no-mapfile.diff: Drop, merged in icedtea7-forest. [ Matthias Klose ] * Build using GCC-4.4 on mips/mipsel. Closes: #628620. * Merge debian packaging r482:485 from openjdk-6: - Call dbus-launch --exit-with-session in testsuite. Closes: #612394. - Build for s390x using Zero. [ Damien Raude-Morvan ] * d/patches/kfreebsd-support-hotspot.diff: Add workaround to handle #637378. * d/generate-dfsg-zip.sh: Update to also handle langtools.tar.gz. Closes: #623693. -- Damien Raude-Morvan Sun, 21 Aug 2011 20:08:50 +0200 openjdk-7 (7~b147-2.0~pre2-3) experimental; urgency=low * d/patches/kfreebsd-support-hotspot.diff: Fix access to CPU registry under kfreebsd-amd64. -- Damien Raude-Morvan Sun, 07 Aug 2011 12:22:47 +0200 openjdk-7 (7~b147-2.0~pre2-2) experimental; urgency=low * d/patches/kfreebsd-support-jamvm.diff: Add support for kfreebsd-amd64. * d/patches/kfreebsd-support-hotspot.diff: Small fixes for Hotspot on kfreebsd-i386. * Split d/patches/hotspot-s390.diff and zero-missing-headers.diff. * Re-add missing changes from last upload: - patches/use-idx_t.patch: Edit upstream patch to avoid FTBFS on s390. - Makefile.{am,im}: Force bootclasspath (useful when building from openjdk-6). -- Damien Raude-Morvan Sat, 06 Aug 2011 23:50:58 +0200 openjdk-7 (7~b147-2.0~pre2-1) experimental; urgency=low * Update to icedtea7-forest snapshot (20110804): - d/patches/pr753.diff: drop, merged in icedtea7-forest. - d/patches/pr757.diff: drop, merged in icedtea7-forest. - d/patches/zero-jsr292-fixes.diff: drop, merged in icedtea7-forest. - d/patches/no-compiler-path.diff: drop, now handled correctly icedtea7's configure and openjdk's Makefile (by CC and CXX environment variables). - Updated JamVM to the 2011-08-01 revision. [ Damien Raude-Morvan ] * d/patches/zero-fpu-control-is-noop.diff: Remove ShouldNotCallThis from os_linux_zero.cpp (fix crash under i386). * d/rules: Enable support for GNU/kFreeBSD arch: - d/patches/kfreebsd-support-*: Update with latest fixes. - d/patches/kfreebsd-sync-issues.diff: hack to force some wait until we fix sync issues. - d/rules: Enable shark for GNU/kFreeBSD. * d/rules: Use DEB_HOST_ARCH_CPU for jvmarch/archdir. Thanks to Jérémie Koenig for patch. * d/patches/jexec.diff: Update for openjdk-7. * d/JB-jdk.overrides.in: Fix override for new Lintian 2.5.0 path handling. * d/icedtea-7-jre-jamvm.overrides: As for others libjvm.so, we use --strip-debug instead of --strip-unneeded. * d/source.lintian-overrides: Drop, not used anymore in openjdk-7. [ Matthias Klose ] * Merge debian packaging r472:482 from openjdk-6: - openjdk-6-jre-headless: Depend on icedtea-6-jre-jamvm, if it's the default VM. - Use gcj-4.4 as the stage1 java VM on mips and mipsel. - Make JamVM the default VM on Ubuntu oneiric/ARM. -- Matthias Klose Thu, 04 Aug 2011 11:38:01 +0200 openjdk-7 (7~b147-2.0~pre1-1) experimental; urgency=low * New b147 code drop (OpenJDK7 RC1). [ Matthias Klose ] * Fix build on sparc64. * Recognize 32bit user space on sparc. * Build shark using llvm-2.9. [ Damien Raude-Morvan ] * d/patches/zero-jsr292-fixes.diff: Fixes on Zero/Shark for JSR 292 support from Chris Phillips . * d/generate-dfsg-zip.sh: Update for OpenJDK7 as a first step to get #623693 fixed. * d/patches/kfreebsd-*: WiP patches for GNU/kFreeBSD support (not yet enabled by default). -- Matthias Klose Sun, 17 Jul 2011 16:08:51 +0200 openjdk-7 (7~b143-2.0~pre1-2) experimental; urgency=low * Upload to experimental. -- Matthias Klose Tue, 12 Jul 2011 14:30:01 +0200 openjdk-7 (7~b143-2.0~pre1-1ubuntu1) oneiric; urgency=low * Fix zero builds on non-ix86 architectures. * Fix build on sparc. * Build using jpeg8. -- Matthias Klose Tue, 12 Jul 2011 14:25:24 +0200 openjdk-7 (7~b143-2.0~pre1-1) experimental; urgency=low [ Damien Raude-Morvan ] * New b143 code drop. * Drop d/patches/7031385.diff: Merged upstream. * Drop d/patches/jamvm-oj7.patch: Merged upstream. * Manpages are now ja_JP.UTF-8 instead of ja_JP.eucJP [ Matthias Klose ] * Apply fix for IcedTea issue #753, #757. * Update s390 hotspot build fixes. * Re-enable zero on i386. -- Matthias Klose Sun, 10 Jul 2011 14:28:17 +0200 openjdk-7 (7~b136-2.0~pre1-2) experimental; urgency=low * Disable zero on i386. -- Matthias Klose Sun, 29 May 2011 12:37:03 +0200 openjdk-7 (7~b136-2.0~pre1-1ubuntu1) oneiric; urgency=low * Upload to oneiric. -- Matthias Klose Sun, 29 May 2011 07:59:01 +0200 openjdk-7 (7~b136-2.0~pre1-1) experimental; urgency=low [ Matthias Klose ] * Fix non-bootstrap builds. * Merge debian packaging r469:472 from openjdk-6. * Run jtreg tests using JamVM too. * Don't run the jtreg tests with the NSS security provider enabled. * Update JamVM to 20110528. * Re-enable the zero build, keep the shark builds disabled. [ Damien Raude-Morvan ] * Only apply jamvm-oj7.patch when jamvm build in enabled. -- Matthias Klose Sat, 28 May 2011 17:17:23 +0200 openjdk-7 (7~b136-1.14+debian1-1) experimental; urgency=low * New upstream release: Icedtea 1.14. - debian/patches/jamvm-oj7.patch: support new instruction (JVM_FindClassFromBootLoader) in JamVM. - Makefile.am: Fix some missing depends between patch and extract targets. * debian/patches/nonreparenting-wm.diff: Update. * Replace B-D on libxalan2-java by xsltproc for bootstrapping JMVTI. * Don't use GCJ_SUFFIX=4.6 for sid/wheezy/oneiric as GCJ version is not homogeneous between arch. * Enable JamVM support: - d/control: Add B-D on libtool. -- Damien Raude-Morvan Thu, 26 May 2011 23:03:56 +0200 openjdk-7 (7~b136-1.14~pre0-4) experimental; urgency=low * Re-add build dependency on fastjar. * Fix dependency on liblcms2-2. -- Matthias Klose Sun, 08 May 2011 10:21:21 +0200 openjdk-7 (7~b136-1.14~pre0-3) experimental; urgency=low * Fix liblcms dependency for -jre-headless package. -- Damien Raude-Morvan Sat, 07 May 2011 17:20:15 +0200 openjdk-7 (7~b136-1.14~pre0-2ubuntu2) oneiric; urgency=low * Re-add build dependency on fastjar. -- Matthias Klose Sun, 08 May 2011 02:51:47 +0200 openjdk-7 (7~b136-1.14~pre0-2) experimental; urgency=low * Fix build failure on i386 with GCC 4.6. -- Matthias Klose Fri, 06 May 2011 17:10:00 +0200 openjdk-7 (7~b136-1.14~pre0-1) experimental; urgency=low [ Damien Raude-Morvan ] * New b136 code drop: - d/rules: Use jaxp-1_4_5-dev1.zip as jaxp-drop-zip. - d/patches/icedtea-pretend-memory.diff: Refreshed. [ Matthias Klose ] * Fix -jre-lib dependency on -jre. Closes: #624846. * Add lcms configury. -- Matthias Klose Thu, 05 May 2011 21:08:55 +0200 openjdk-7 (7~b130-1.14~pre0-2) experimental; urgency=low * Remove obsolete conflicts. Closes: #624090. * Add copyright for the rewriter class. Addresses part of #623693. * Lower priorities for the alternatives below these of OpenJDK 6, as long as OpenJDK 7 is not yet released. * Don't build HotSpot with -Werror on architectures other than amd64 and i386. -- Matthias Klose Wed, 27 Apr 2011 23:03:45 +0200 openjdk-7 (7~b130-1.14~pre0-1) experimental; urgency=low * New b130 code drop. * Merge debian packaging r464:469 from openjdk-6. * Do not bump the epoch, package was never uploaded to any official repository. -- Matthias Klose Wed, 20 Apr 2011 21:46:32 +0200 openjdk-7 (1:7~b129-1.14~pre0-1) experimental; urgency=low * New b129 code drop. * Bump epoch to 1 and use ~ to indicate that's not openjdk-7 final relaase. -- Damien Raude-Morvan Mon, 14 Feb 2011 00:34:45 +0100 openjdk-7 (7b128-1.14~pre0-1) UNRELEASED; urgency=low * New b128 code drop. * Exclude "release" file for dh_install. -- Damien Raude-Morvan Mon, 07 Feb 2011 23:45:13 +0100 openjdk-7 (7b126-1.14~pre0-1) UNRELEASED; urgency=low * Merge debian packaging r446:464 from openjdk-6 but keep the following changes : - Replace DISABLE_PRECOMPILED_HEADER=1 by USE_PRECOMPILED_HEADER=0 - Use "ant, ant-optionnal" for all distrel - Drop "with_hotspot" variable (only one hotspot supported by IcedTea7) - Drop --enable-xrender (not supported by IcedTea7) * New b125 code drop: - d/rules: Use new archives by --with-*-src-zip * Refresh patches: - d/patches/shebang.diff: Year updated - d/patches/ld-symbolic-functions.diff and d/patches/no-compiler-path.diff: Changed corba generic Makefiles. - d/patches/default-jvm-cfg.diff and d/patches/set-exec-name.diff: Upstream merged "solaris" and "linux" java.c and java_md.c * Drop patches: - d/patches/too-many-args-ftbfs.diff (merged upstream) - d/patches/sparc.diff (merges upstream) - d/patches/hotspot-include-fixes.diff (includeDB dropped upstream) -- Damien Raude-Morvan Mon, 24 Jan 2011 00:18:38 +0100 openjdk-7 (7b106~pre1-0lucid2) lucid; urgency=low * Build for lucid. -- Matthias Klose Thu, 09 Sep 2010 15:32:13 +0200 openjdk-7 (7b106~pre1-0ubuntu2) maverick; urgency=low * Build openjdk-7 snapshot (7b106) * Symlink timezone data. * Disable shark builds, currently broken in 7b106. -- Matthias Klose Tue, 07 Sep 2010 04:56:48 +0200 openjdk-7 (7b89-1.13-0ubuntu1) maverick; urgency=low * Update to the IcedTea 1.13 release. * openjdk-7-jre: Recommend ttf-dejavu-extra. LP: #569396. -- Matthias Klose Fri, 30 Jul 2010 01:19:45 +0200 openjdk-7 (7b89~pre1-0lucid3) lucid; urgency=low * Include docs in the -doc package. LP: #600834. * Update from the IcedTea6 trunk. - Plugin and netx fixes. - Don't link the plugin against the libxul libraries. Closes: #576361. - More plugin cpu usage fixes. Closes: #584335, #587049. - Plugin: fixes AppletContext.getApplets(). * Fix Vcs-Bzr location. Closes: #530883. * Search for unversioned llvm-config tool. * Don't set XFILESEARCHPATH and NLSPATH on startup. LP: #586641. * Fix chinese font metrics and prefer using 'WenQuanYi Micro Hei' font. LP: #472845. * Strip libjvm.so with --strip-debug instead of --strip-unneeded. LP: #574997. * Fix inter-package dependencies. -- Matthias Klose Thu, 15 Jul 2010 18:12:17 +0200 openjdk-7 (7b89~pre1-0lucid1) lucid; urgency=low [ Damien Raude-Morvan ] * Merge debian packaging r403:430 from openjdk-6. * Add myself to Uploaders. * Build openjdk-7 snapshot (7b89) * Use ant+ant-optional (IcedTea7 support ant 1.8). * Merge debian packaging r431:436 from openjdk-6. [ Matthias Klose ] * Merge debian packaging r430:445 from openjdk-6. * Update debian patches to 7b89. * Reenable the two stage build. * Reenable building cacao. * Reenable building zero. -- Matthias Klose Tue, 13 Jul 2010 10:32:11 +0200 openjdk-7 (7b77-0ubuntu1~ppa1) lucid; urgency=low * Build openjdk-7 snapshot (7b77). * Merge debian packaging r391:403 from openjdk-6. -- Matthias Klose Mon, 21 Dec 2009 16:58:34 +0100 openjdk-7 (7b72-0ubuntu1~ppa1) karmic; urgency=low * Build openjdk-7 snapshot (7b72). * Merge debian packaging r371:391 from openjdk-6. * Disable the zero build for now. -- Matthias Klose Sat, 03 Oct 2009 16:35:27 +0200 openjdk-7 (7b66-0ubuntu1~ppa1) karmic; urgency=low * Build openjdk-7 snapshot (7b66). * Merge debian packaging r362:371 from openjdk-6. -- Matthias Klose Thu, 06 Aug 2009 12:40:00 +0200 openjdk-7 (7b59-0ubuntu1) karmic; urgency=low * Reenable the build of zero. * Reapply fontconfig patch. * Apply icedtea-cacao-no-mmap-first-page patch. -- Matthias Klose Fri, 29 May 2009 10:19:26 +0200 openjdk-7 (7b59-0ubuntu1~ppa1) karmic; urgency=low * Build openjdk-7 snapshot (7b59). * Merge debian packaging r205:362 from openjdk-6. -- Matthias Klose Wed, 27 May 2009 12:09:16 +0200 openjdk-7 (7b40-0ubuntu2) jaunty; urgency=low * Add build dependency on libxrender-dev. * Don't use fastjar on ia64, working around a build failure. * Add configury for shark builds. -- Matthias Klose Thu, 04 Dec 2008 16:26:15 +0100 openjdk-7 (7b40-0ubuntu1) jaunty; urgency=low * Build openjdk-7 snapshot (7b40). * Update packaging for openjdk-7. -- Matthias Klose Tue, 02 Dec 2008 14:27:03 +0100 openjdk-6 (6b22-1.10.1-0ubuntu1) natty; urgency=low * IcedTea6 1.10.1 release. -- Matthias Klose Tue, 05 Apr 2011 12:20:36 +0200 openjdk-6 (6b22-1.10.1~pre1-1) experimental; urgency=low * Upload to experimental. -- Matthias Klose Sat, 26 Mar 2011 10:43:49 +0100 openjdk-6 (6b22-1.10.1~pre1-0ubuntu1) natty; urgency=low * Update from the IcedTea6-1.10 release branch (20110325). * Add multiarch directories to the default library path. LP: #737603. -- Matthias Klose Fri, 25 Mar 2011 16:33:57 +0100 openjdk-6 (6b22-1.10-3) experimental; urgency=low * Fix JamVM build on mips/mipsel (Robert Lougher). * Re-enable the JamVM build on mips/mipsel. -- Matthias Klose Sun, 06 Mar 2011 15:01:54 +0100 openjdk-6 (6b22-1.10-2) experimental; urgency=low * Mention that IcedTea is copyrigh GPLv2 + "CLASSPATH" EXCEPTION. Closes: #611269. * Don't run the jdk checks for the alternate builds (hotspot and langtools checks are still run). * Disable the JamVM build on mips/mipsel. -- Matthias Klose Sat, 05 Mar 2011 16:13:40 +0100 openjdk-6 (6b22-1.10-1) experimental; urgency=low * Upload to experimental. -- Matthias Klose Fri, 04 Mar 2011 16:12:50 +0100 openjdk-6 (6b22-1.10-0ubuntu2) natty; urgency=low * Disable the jdk tests with the Shark, JamVM and Cacao VMs. -- Matthias Klose Fri, 04 Mar 2011 15:32:50 +0100 openjdk-6 (6b22-1.10-0ubuntu1) natty; urgency=low * IcedTea6 1.10 release. -- Matthias Klose Thu, 03 Mar 2011 09:32:19 +0100 openjdk-6 (6b21~pre3-0ubuntu1) natty; urgency=low * Update from the IcedTea6 trunk (20110224). * icedtea-6-jre-jamvm: Build JamVM as an alternative VM, start with `java -jamvm'. -- Matthias Klose Thu, 24 Feb 2011 02:45:56 +0100 openjdk-6 (6b21~pre2-0ubuntu1) natty; urgency=low * Update from the IcedTea6 trunk (20110217). * Update hotspot hs20 (not yet enabled). * Add ppc64 packaging bits. -- Matthias Klose Fri, 18 Feb 2011 15:55:41 +0100 openjdk-6 (6b21~pre1-1) experimental; urgency=low * Upload to experimental. -- Matthias Klose Sat, 22 Jan 2011 15:34:21 +0100 openjdk-6 (6b21~pre1-0ubuntu1) natty; urgency=low * Update to 6b21. -- Matthias Klose Sat, 22 Jan 2011 14:28:28 +0100 openjdk-6 (6b20-1.10~pre3-0ubuntu4) natty; urgency=low * Fix shark build on powerpc. -- Matthias Klose Fri, 24 Dec 2010 11:06:32 +0100 openjdk-6 (6b20-1.10~pre3-0ubuntu3) natty; urgency=low * Update from the IcedTea6 trunk (20101223). -- Matthias Klose Thu, 23 Dec 2010 14:27:17 +0100 openjdk-6 (6b20-1.10~pre3-0ubuntu1) natty; urgency=low * Update from the IcedTea6 trunk (20101126). * Update hotspot hs19. * Fix build failures on ia64, s390 and sparc64. -- Matthias Klose Fri, 26 Nov 2010 16:38:16 +0100 openjdk-6 (6b20-1.10~pre2-0ubuntu7~ppa1) natty; urgency=low * Reenable shark on amd64, but build using llvm-2.7. -- Matthias Klose Thu, 21 Oct 2010 23:59:30 +0200 openjdk-6 (6b20-1.10~pre2-0ubuntu5) natty; urgency=low * Don't try to set up an alternative for javaws -- Matthias Klose Thu, 21 Oct 2010 17:38:48 +0200 openjdk-6 (6b20-1.10~pre2-0ubuntu3) natty; urgency=low * Stop building zero/shark on amd64. Fails the self tests. -- Matthias Klose Thu, 21 Oct 2010 13:49:56 +0200 openjdk-6 (6b20-1.10~pre2-0ubuntu2) natty; urgency=low * Don't include OpenJDK's javaws either. * openjdk-6-jre: Recommend icedtea-netx. -- Matthias Klose Thu, 21 Oct 2010 08:34:07 +0200 openjdk-6 (6b20-1.10~pre2-0ubuntu1) natty; urgency=low * Update from the IcedTea6 trunk (20101020). * Remove the plugin and javaws from the packaging, removed upstream. -- Matthias Klose Wed, 20 Oct 2010 17:45:09 +0200 openjdk-6 (6b20-1.10~pre1-0ubuntu2) natty; urgency=low * Build with hotspot 19. -- Matthias Klose Thu, 14 Oct 2010 11:28:38 +0200 openjdk-6 (6b20-1.10~pre1-0ubuntu1) natty; urgency=low * Snapshot, taken from the IcedTea6 trunk (20101013). -- Matthias Klose Wed, 13 Oct 2010 08:36:44 +0200 openjdk-6 (6b20-1.9.2-1) experimental; urgency=low * Upload to experimental. -- Matthias Klose Wed, 24 Nov 2010 05:29:43 +0100 openjdk-6 (6b20-1.9.2-0ubuntu1) maverick-security; urgency=low * IcedTea6 1.9.2 release. - CVE-2010-3860: Fix IcedTea System property information leak via public static. * Build using Hotspot hs19. * Start metacity using dbus-launch, when running the testsuite. LP: #632594. -- Matthias Klose Sun, 21 Nov 2010 18:30:39 +0100 openjdk-6 (6b20-1.9.1-1ubuntu3) maverick-security; urgency=low * Move all japanese man pages belonging to the jre into the -jre package. Closes: #600765. * Add -jdk replaces for -jre and -jre-headless. Closes: #600809. -- Matthias Klose Wed, 20 Oct 2010 12:51:34 +0200 openjdk-6 (6b20-1.9.1-1ubuntu1) maverick-security; urgency=low * Fix upgrade to symlinked timezone data. Closes: #600359. * Move all japanese man pages belonging to the jre into the -jre package. Closes: #600765. -- Matthias Klose Mon, 18 Oct 2010 16:07:48 +0200 openjdk-6 (6b20-1.9.1-1) experimental; urgency=low * Upload to experimental. -- Matthias Klose Tue, 12 Oct 2010 15:07:35 +0200 openjdk-6 (6b20-1.9.1-0ubuntu1) maverick-security; urgency=low * IcedTea6 1.9.1 release. - Security updates: - S6914943, CVE-2009-3555: TLS: MITM attacks via session renegotiation. - S6559775, CVE-2010-3568: OpenJDK Deserialization Race condition. - S6891766, CVE-2010-3554: OpenJDK corba reflection vulnerabilities. - S6925710, CVE-2010-3562: OpenJDK IndexColorModel double-free. - S6938813, CVE-2010-3557: OpenJDK Swing mutable static. - S6957564, CVE-2010-3548: OpenJDK DNS server IP address information leak. - S6958060, CVE-2010-3564: OpenJDK kerberos vulnerability. - S6963023, CVE-2010-3565: OpenJDK JPEG writeImage remote code execution. - S6963489, CVE-2010-3566: OpenJDK ICC Profile remote code execution. - S6966692, CVE-2010-3569: OpenJDK Serialization inconsistencies. - S6622002, CVE-2010-3553: UIDefault.ProxyLazyValue has unsafe reflection usage. - S6623943: javax.swing.TimerQueue's thread occasionally fails to start. - S6925672, CVE-2010-3561: Privileged ServerSocket.accept allows receiving connections from any host. - S6952017, CVE-2010-3549: HttpURLConnection chunked encoding issue (Http request splitting). - S6952603, CVE-2010-3551: NetworkInterface reveals local network address to untrusted code. - S6961084, CVE-2010-3541: limit setting of some request headers in HttpURLConnection. - S6963285, CVE-2010-3567: Crash in ICU Opentype layout engine due to mismatch in character counts. - S6980004, CVE-2010-3573: limit HTTP request cookie headers in HttpURLConnection. - S6981426, CVE-2010-3574: limit use of TRACE method in HttpURLConnection. - Plugin fixes. - Backports from newer IcedTea releases. -- Matthias Klose Tue, 12 Oct 2010 12:13:40 +0200 openjdk-6 (6b20-1.9-1) experimental; urgency=low * Upload to experimental. -- Matthias Klose Tue, 07 Sep 2010 21:19:21 +0200 openjdk-6 (6b20-1.9-0ubuntu1) maverick; urgency=low * IcedTea6 1.9 release. -- Matthias Klose Tue, 07 Sep 2010 18:13:20 +0200 openjdk-6 (6b20~pre2-0ubuntu2) maverick; urgency=low * Update from the IcedTea6 trunk. * Really let the build fail on armel. -- Matthias Klose Fri, 30 Jul 2010 16:55:38 +0200 openjdk-6 (6b20~pre2-0ubuntu1) maverick; urgency=high * Update from the IcedTea6 trunk. - (CVE-2010-2783): IcedTea 'Extended JNLP Services' arbitrary file access. - (CVE-2010-2548): IcedTea incomplete property access check for unsigned applications * openjdk-6-jre: Recommend ttf-dejavu-extra. LP: #569396. * Explicitely fail the build on armel. The ARM assembler interpreter is disabled and would a 3-5x performance regression compared to the current 6b18 armel binaries in the archive. -- Matthias Klose Thu, 29 Jul 2010 00:10:53 +0200 openjdk-6 (6b20~pre1-2) experimental; urgency=low * Upload to experimental. -- Matthias Klose Thu, 15 Jul 2010 13:55:02 +0200 openjdk-6 (6b20~pre1-1ubuntu1) maverick; urgency=low * Include docs in the -doc package. LP: #600834. * Update from the IcedTea6 trunk. - Plugin and netx fixes. - Don't link the plugin against the libxul libraries. Closes: #576361. - More plugin cpu usage fixes. Closes: #584335, #587049. - Plugin: fixes AppletContext.getApplets(). * Fix Vcs-Bzr location. Closes: #530883. * Search for unversioned llvm-config tool. * Don't set XFILESEARCHPATH and NLSPATH on startup. LP: #586641. * Fix chinese font metrics and prefer using 'WenQuanYi Micro Hei' font. LP: #472845. * Strip libjvm.so with --strip-debug instead of --strip-unneeded. LP: #574997. -- Matthias Klose Thu, 15 Jul 2010 12:40:10 +0200 openjdk-6 (6b20~pre1-1) experimental; urgency=low * Upload to experimental. -- Matthias Klose Mon, 28 Jun 2010 00:50:58 +0200 openjdk-6 (6b20~pre1-0ubuntu2) maverick; urgency=low * Shark & CACAO build fixes. -- Matthias Klose Fri, 25 Jun 2010 02:27:10 +0200 openjdk-6 (6b20~pre1-0ubuntu1) maverick; urgency=low * Update to 6b20 code drop. -- Matthias Klose Wed, 14 Apr 2010 02:53:37 +0200 openjdk-6 (6b18-1.8-4) unstable; urgency=low * Update from the 1.8 branch. - Plugin and netx fixes. - Don't link the plugin against the libxul libraries. Closes: #576361. - More plugin cpu usage fixes. Closes: #584335, #587049. - Plugin: fixes AppletContext.getApplets(). - Fix race conditions in plugin initialization code that were causing hangs when loading multiple applets in parallel. * Fix Vcs-Bzr location. Closes: #530883. * Search for unversioned llvm-config tool. * Don't set XFILESEARCHPATH and NLSPATH on startup. LP: #586641. * Fix chinese font metrics and prefer using 'WenQuanYi Micro Hei' font. LP: #472845. * Strip libjvm.so with --strip-debug instead of --strip-unneeded. LP: #574997. * Don't turn on the ARM assembler interpreter when building the shark VM. -- Matthias Klose Thu, 15 Jul 2010 00:40:13 +0200 openjdk-6 (6b18-1.8-3) unstable; urgency=low * Update from the 1.8 branch. - Plugin fixes. LP: #597714. * Add powerpcspe build fixes (Sebastian Andrzej Siewior). Closes: #586359. * Work around build failure on buildds configured with low ARG_MAX (Giovanni Mascellani). Closes: #575254. -- Matthias Klose Sun, 27 Jun 2010 10:16:27 +0200 openjdk-6 (6b18-1.8-2ubuntu3) maverick; urgency=low * Update from the 1.8 branch. - Plugin fixes. LP: #597714. * Add powerpcspe build fixes (Sebastian Andrzej Siewior). Closes: #586359. * Work around build failure on buildds configured with low ARG_MAX (Giovanni Mascellani). Closes: #575254. -- Matthias Klose Sun, 27 Jun 2010 10:16:27 +0200 openjdk-6 (6b18-1.8-2ubuntu2) maverick; urgency=low * Search for unversioned llvm-config tool. -- Matthias Klose Sun, 02 May 2010 12:03:01 +0200 openjdk-6 (6b18-1.8-2ubuntu1) maverick; urgency=low * Upload to maverick. -- Matthias Klose Sun, 02 May 2010 11:23:16 +0200 openjdk-6 (6b18-1.8-2) unstable; urgency=low * Update from the 1.8 branch. - Fix build on Hitachi SH. Closes: #575346. - Shark and Zero fixes. * Build shark using llvm-2.7. * Don't use shark to run the test harness when testing the shark build. * README.Debian: Add paragraph about debugging the IcedTea NPPlugin. -- Matthias Klose Sat, 01 May 2010 12:35:19 +0200 openjdk-6 (6b18-1.8-1) unstable; urgency=low * Upload to unstable. -- Matthias Klose Wed, 14 Apr 2010 02:53:37 +0200 openjdk-6 (6b18-1.8-0ubuntu1) lucid; urgency=low * Update IcedTea6 to the icedtea6-1.8 release. * Fix builds on Ubuntu/dapper and Debian/lenny. * On hppa, configure --without-rhino --disable-plugin. * Fix Hitachi SH configury. Closes: #575346. * Start a window manager when running the tests. Prefer metacity, as more tests pass with it. * Let XToolkit.isTraySupported() return true, if Compiz is running. Works around sun#6438179. LP: #300948. * Make /jre/lib/security/nss.cfg a config file. * Fail in the configuration of the packages, if /proc is not mounted. java currently uses tricks to find its own shared libraries depending on the path of the binary. Will be changed in OpenJDK7. Closes: #576453. * Fix PR icedtea/469, testsuite failures with the NSS based security provider. LP: #556549. * Do not pass LD_LIBRARY_PATH from the plugin to the java process. While libnss3.so gets loaded from /usr/lib, the dependent libraries are loaded from MOZILLA_FIVE_HOME (See #561216 for the wrong firefox config). LP: #561124. Closes as well: LP: #551328, #554909, #560829, #549010, #553452. * Always build shark with hs14. -- Matthias Klose Wed, 14 Apr 2010 01:53:33 +0200 openjdk-6 (6b18~pre4-1ubuntu1) lucid; urgency=low * Build-depend on xulrunner-1.9.2-dev instead of xulrunner-dev, unexpectedly demoted to universe. * icedtea6-plugin: Hardcode dependency on xulrunner-1.9.2. No way to do better? See #552780. * Fix builds on Ubuntu hardy. -- Matthias Klose Wed, 31 Mar 2010 22:21:49 +0200 openjdk-6 (6b18~pre4-1) unstable; urgency=high * Upload to unstable. -- Matthias Klose Wed, 31 Mar 2010 16:35:18 +0200 openjdk-6 (6b18~pre4-0ubuntu2) lucid; urgency=low * Fix typo in NPPlugin code. LP: #552287. -- Matthias Klose Wed, 31 Mar 2010 10:41:11 +0200 openjdk-6 (6b18~pre4-0ubuntu1) lucid; urgency=low [ Matthias Klose ] * Update IcedTea6 form the 1.8 branch. * SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes: - (CVE-2010-0837): JAR "unpack200" must verify input parameters (6902299). - (CVE-2010-0845): No ClassCastException for HashAttributeSet constructors if run with -Xcomp (6894807). - (CVE-2010-0838): CMM readMabCurveData Buffer Overflow Vulnerability (6899653). - (CVE-2010-0082): Loader-constraint table allows arrays instead of only the base-classes (6626217). - (CVE-2010-0095): Subclasses of InetAddress may incorrectly interpret network addresses (6893954) [ZDI-CAN-603]. - (CVE-2010-0085): File TOCTOU deserialization vulnerability (6736390). - (CVE-2010-0091): Unsigned applet can retrieve the dragged information before drop action occurs (6887703). - (CVE-2010-0088): Inflater/Deflater clone issues (6745393). - (CVE-2010-0084): Policy/PolicyFile leak dynamic ProtectionDomains (6633872). - (CVE-2010-0092): AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (6888149). - (CVE-2010-0094): Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947) [ZDI-CAN-588]. - (CVE-2010-0093): System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (6892265). - (CVE-2010-0840): Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691). - (CVE-2010-0848): AWT Library Invalid Index Vulnerability (6914823). - (CVE-2010-0847): ImagingLib arbitrary code execution vulnerability (6914866). - (CVE-2009-3555): TLS: MITM attacks via session renegotiation. - 6639665: ThreadGroup finalizer allows creation of false root ThreadGroups. - 6898622: ObjectIdentifer.equals is not capable of detecting incorrectly. encoded CommonName OIDs. - 6910590: Application can modify command array in ProcessBuilder. - 6909597: JPEGImageReader stepX Integer Overflow Vulnerability. - 6932480: Crash in CompilerThread/Parser. Unloaded array klass? - 6898739: TLS renegotiation issue. [ Torsten Werner ] * Switch off IPV6_V6ONLY for IN6_IS_ADDR_UNSPECIFIED addresses, too. (Closes: #575163) -- Matthias Klose Wed, 31 Mar 2010 02:34:04 +0200 openjdk-6 (6b18~pre3-1) unstable; urgency=low [ Matthias Klose ] * Update IcedTea build infrastructure (20100321). * Update support for SH4 (Nobuhiro Iwamatsu). * Handle renaming of the plugin name. [ Torsten Werner ] * Improve patch for IPv4 mapped IPv6 addresses even more. (Closes: #573742) -- Matthias Klose Sun, 21 Mar 2010 22:52:12 +0100 openjdk-6 (6b18~pre2-1ubuntu2) lucid; urgency=low * Fix build failure on ARM. -- Matthias Klose Fri, 12 Mar 2010 15:19:13 +0100 openjdk-6 (6b18~pre2-1ubuntu1) lucid; urgency=low * Upload to lucid. -- Matthias Klose Wed, 10 Mar 2010 23:34:57 +0100 openjdk-6 (6b18~pre2-1) unstable; urgency=low * Update IcedTea build infrastructure (20100310). * Disable building the plugin the plugin on alpha (borked xulrunner packaging using binary indep packages). * Use a two stage build on alpha. * Add note about the reparenting WM workaround. Closes: #573026. * Prefer Sazanami instead of Kochi for Japanese fonts (Hideki Yamane). Closes: #572511. * openjdk-6-doc: Don't compress package-list files. Closes: #567899. -- Matthias Klose Wed, 10 Mar 2010 11:19:19 +0100 openjdk-6 (6b18~pre1-4) unstable; urgency=low * Improve patch for IPv4 mapped IPv6 addresses. -- Torsten Werner Sun, 07 Mar 2010 01:14:36 +0100 openjdk-6 (6b18~pre1-3) unstable; urgency=low * Add a patch for improved handling of IPv4 mapped IPv6 addresses. (Closes: #560056, #561930, #563699, #563946) -- Torsten Werner Tue, 02 Mar 2010 23:46:57 +0100 openjdk-6 (6b18~pre1-2) unstable; urgency=low * Change Build-Depends: ant1.7-optional because of a bus error in gij. -- Torsten Werner Mon, 01 Mar 2010 07:17:16 +0100 openjdk-6 (6b18~pre1-1ubuntu1) lucid; urgency=low * Ignore error code running ant -diagnostics. * Build-depend on ant-optional. * Disable the cacao build on armel, fails to build with the non bootstrap build. -- Matthias Klose Sat, 20 Feb 2010 15:36:06 +0100 openjdk-6 (6b18~pre1-1) unstable; urgency=low * Upload to unstable. -- Matthias Klose Fri, 19 Feb 2010 21:52:32 +0100 openjdk-6 (6b18~pre1-0ubuntu1) lucid; urgency=low * New Openjdk6 b18 source code drop. * Use mangled copy of rhino. Closes: #512970. LP: #255149. -- Matthias Klose Fri, 19 Feb 2010 18:17:23 +0100 openjdk-6 (6b17-1.7-1ubuntu1) lucid; urgency=low * ARM Thumb2 updates. * Test build using Hotspt hs14 on ix86. -- Matthias Klose Sun, 31 Jan 2010 21:56:59 +0100 openjdk-6 (6b18~pre1-1) unstable; urgency=low * Upload to unstable. -- Matthias Klose Fri, 19 Feb 2010 21:52:32 +0100 openjdk-6 (6b18~pre1-0ubuntu1) lucid; urgency=low * New Openjdk6 b18 source code drop. * Use mangled copy of rhino. Closes: #512970. LP: #255149. -- Matthias Klose Fri, 19 Feb 2010 18:17:23 +0100 openjdk-6 (6b17-1.7-1ubuntu1) lucid; urgency=low * ARM Thumb2 updates. * Test build using Hotspt hs14 on ix86. -- Matthias Klose Sun, 31 Jan 2010 21:56:59 +0100 openjdk-6 (6b17-1.7-1) unstable; urgency=low * Upload to unstable. -- Matthias Klose Wed, 27 Jan 2010 23:44:47 +0100 openjdk-6 (6b17-1.7-0ubuntu1) lucid; urgency=low * IcedTea6 1.7 release. * Don't try to load libjpeg7; still building with libjpeg62. Closes: #563999. * Run the testsuite on sh4. * Ubuntu only: Implement an execute bit checker for the Non-Exec Policy - debian/JB-java.desktop.in: update mime handler to use new launcher. * armel: Apply the thumb2 patches from the trunk, plus proposed patches for the trunk. -- Matthias Klose Wed, 27 Jan 2010 22:48:24 +0100 openjdk-6 (6b17-0ubuntu1) lucid; urgency=low * Build from the IcedTea6-1.7 branch. * Don't build the plugin on sparc64. * Enable the NPPlugin. * Add support for SH4 (Nobuhiro Iwamatsu). * Fix crash in the ARM assembler interpreter (Edward Nevill). -- Matthias Klose Wed, 06 Jan 2010 15:52:50 +0100 openjdk-6 (6b17~pre3-1ubuntu2) lucid; urgency=low * Update IcedTea build infrastructure (20091224). * Explicitely build-depend on x11-xkb-utils (xkbcomp is needed by xvfb-run). -- Matthias Klose Thu, 24 Dec 2009 12:43:00 +0100 openjdk-6 (6b17~pre3-1ubuntu1) lucid; urgency=low * Upload to lucid. -- Matthias Klose Fri, 18 Dec 2009 10:40:05 +0100 openjdk-6 (6b17~pre3-1) unstable; urgency=low * Update IcedTea build infrastructure (20091218). * Install docs into the openjdk-6-jre-headless directory instead of openjdk-6-jre. -- Matthias Klose Fri, 18 Dec 2009 10:00:08 +0100 openjdk-6 (6b17~pre2-1ubuntu1) lucid; urgency=low * Update IcedTea build infrastructure (20091215). * Fix cacao build on armel with current optimization defaults. -- Matthias Klose Tue, 15 Dec 2009 16:41:12 +0100 openjdk-6 (6b17~pre2-1) unstable; urgency=low * Upload to unstable. -- Matthias Klose Mon, 09 Nov 2009 21:50:52 +0100 openjdk-6 (6b17~pre2-0ubuntu3) lucid; urgency=low * Security updates: - (CVE-2009-3728) ICC_Profile file existence detection information leak (6631533). - (CVE-2009-3885) BMP parsing DoS with UNC ICC links (6632445). - (CVE-2009-3881) resurrected classloaders can still have children (6636650). - (CVE-2009-3882) Numerous static security flaws in Swing (findbugs) (6657026). - (CVE-2009-3883) Mutable statics in Windows PL&F (findbugs) (6657138). - (CVE-2009-3880) UI logging information leakage (6664512). - (CVE-2009-3879) GraphicsConfiguration information leak (6822057). - (CVE-2009-3884) zoneinfo file existence information leak (6824265). - (CVE-2009-2409) deprecate MD2 in SSL cert validation (Kaminsky) (6861062). - (CVE-2009-3873) JPEG Image Writer quantization problem (6862968). - (CVE-2009-3875) MessageDigest.isEqual introduces timing attack vulnerabilities (6863503). - (CVE-2009-3876, CVE-2009-3877) OpenJDK ASN.1/DER input stream parser denial of service (6864911). - (CVE-2009-3869) JRE AWT setDifflCM stack overflow (6872357). - (CVE-2009-3874) ImageI/O JPEG heap overflow (6874643. - (CVE-2009-3871) JRE AWT setBytePixels heap overflow (6872358). * Update IcedTea build infrastructure (20091109). * Use hs16 on armel. -- Matthias Klose Mon, 09 Nov 2009 17:48:43 +0100 openjdk-6 (6b17~pre2-0ubuntu2) lucid; urgency=low * Don't use hs16 on armel and sparc. -- Matthias Klose Mon, 02 Nov 2009 15:33:00 +0100 openjdk-6 (6b17~pre2-0ubuntu1) lucid; urgency=low * New code drop (b17). * Bump hotspot to hs16. * Update IcedTea build infrastructure (20091031). * Set priority of default -jre and -jdk packages to optional. * Fix binary-all to binary-any dependencies. Closes: #550680. -- Matthias Klose Sat, 31 Oct 2009 19:30:54 +0100 openjdk-6 (6b16-1.6.1-2) unstable; urgency=medium * Build-depend on xulrunner-dev (>= 1.9.1.3-3). -- Matthias Klose Sun, 11 Oct 2009 21:34:48 +0200 openjdk-6 (6b16-1.6.1-1ubuntu3) karmic; urgency=low [Matthias Klose] * On armel and powerpc, build an additional VM using shark in the openjdk-6-jre-zero package (java -shark ). Requires llvm-2.6. * Hide the desktop menu entry for WebStart. LP: #222180. * Don't provide java-virtual-machine anymore. [Edward Nevill] * Avoid stack overflows in the arm interpreter. -- Matthias Klose Thu, 08 Oct 2009 12:41:46 +0200 openjdk-6 (6b16-1.6.1-1ubuntu2) karmic; urgency=low * Support PKCS11 cryptography via NSS, now allowing import of all certificates from ca-certificates. * Remove Michael Koch from uploaders, request by himself. * Add the doc dir symlink for openjdk-6-jre-zero when the package is built with shark support. -- Matthias Klose Mon, 28 Sep 2009 21:55:08 +0200 openjdk-6 (6b16-1.6.1-1ubuntu1) karmic; urgency=low * Fix dependency on the java bridge packages. * debian/rules: Conditionalize stuff so that the recent release is never mentioned. * Remove obsolete patches in debian/patches. * Rebuild on armel to fix up libffi for the soft float abi. * For jaunty builds, fix IcedTeaPlugin failure to start with xulrunner 1.9.1 (LP: #359407). - debian/patches/icedtea-plugin-use-runtime-nsIProcess-IID.diff: Add. - debian/rules: Apply it for jaunty builds. * Use pulseaudio as default serviceprovider for javax.sound.midi.MidiSystem and javax.sound.sampled.AudioSystem. LP: #407299. -- Matthias Klose Sat, 26 Sep 2009 16:01:48 +0200 openjdk-6 (6b16-1.6.1-1) unstable; urgency=low * Upload to Debian unstable. -- Matthias Klose Tue, 15 Sep 2009 02:17:03 +0200 openjdk-6 (6b16-1.6.1-0ubuntu1) karmic; urgency=low * Update IcedTea6 to the 1.6.1 release. * Work around GCC PR target/41327, build the JDK on s390 with -O2. -- Matthias Klose Thu, 10 Sep 2009 01:55:08 +0200 openjdk-6 (6b16-1.6-1) unstable; urgency=low * Update IcedTea6 to the 1.6 release. * Fix GCC build dependencies. -- Matthias Klose Wed, 09 Sep 2009 22:18:38 +0200 openjdk-6 (6b16-1.6~pre2-1) unstable; urgency=low * Upload to unstable. -- Matthias Klose Fri, 28 Aug 2009 19:04:31 +0200 openjdk-6 (6b16-1.6~pre2-0ubuntu1) karmic; urgency=low * Update IcedTea from the 1.6 release branch: - Fix buffer overflow in debugger's socket handler (Kees Cook). https://bugs.openjdk.java.net/show_bug.cgi?id=100103. LP: #409736. - plugin fixes. * Move the pulseaudio recommendation to a suggestion, don't build-depend on pulseaudio. Closes: #539394. LP: #361408. * Build for armv6 (on armel). [ Kees Cook ] * debian/rules: Re-enable fortification and stack protector (LP: #330713). * Adding stack markings to the x86 assembly for not using executable stack. LP: #419018. -- Matthias Klose Fri, 28 Aug 2009 18:51:34 +0200 openjdk-6 (6b16-1.6~pre1-0ubuntu1) karmic; urgency=low * Test build (icedtea6-1.6 release branch). -- Matthias Klose Fri, 21 Aug 2009 19:44:42 +0200 openjdk-6 (6b16~pre5-0ubuntu2) karmic; urgency=low * Add explicit build dependency on libgtk2.0-dev. -- Matthias Klose Thu, 06 Aug 2009 11:39:14 +0200 openjdk-6 (6b16~pre5-0ubuntu1) karmic; urgency=low * Bump hotspot to hs14b16. * Update IcedTea build infrastructure (20090805). * patches/java-access-bridge-security.patch: Update. * Build-depend on xulrunner-dev instead of xulrunner-1.9-dev on karmic. * Don't recommend the jck fonts anymore, just suggest them; the appropriate fonts are installed as dependencies of the language packs. -- Matthias Klose Thu, 06 Aug 2009 10:27:09 +0200 openjdk-6 (6b16~pre4-0ubuntu7) karmic; urgency=low * Build using GCC-4.4 on sparc as well, require 4.4.1. -- Matthias Klose Thu, 23 Jul 2009 18:23:14 +0200 openjdk-6 (6b16~pre4-0ubuntu6) karmic; urgency=low * Fix build failure building the zero VM. -- Matthias Klose Thu, 16 Jul 2009 09:49:36 -0400 openjdk-6 (6b16~pre4-0ubuntu5) karmic; urgency=low [Matthias Klose] * Update IcedTea build infrastructure (20090715). * Tighten build dependency on llvm-dev. [Edward Nevill] * Add armv4 compatibility. -- Matthias Klose Wed, 15 Jul 2009 15:40:44 -0400 openjdk-6 (6b16~pre4-0ubuntu4) karmic; urgency=low [Edward Nevill] * Added Bytecode Interpreter Generator. * Added ARM templates for above. * Removed old optimised ARM assebler. * Added -g0 because of problems with ld linking -g. * Changed alignment to 64 now that as bug is fixed. [Matthias Klose] * Update IcedTea build infrastructure (20090710). * Let the -jre package depend on the access-bridge package, not the -jre-headless package. LP: #395074. * Suggested by Ed Nevill: - Pass -timeout:3 when running the jtreg testsuite on zero architectures. - Pass -Xmx256M -vmoption:-Xmx256M on armel for the jtreg testsuite run. * Tighten build dependency on llvm-dev. -- Matthias Klose Fri, 03 Jul 2009 18:32:50 +0200 openjdk-6 (6b16~pre4-0ubuntu3) karmic; urgency=low * Update zero-port-opt patch on armel. -- Matthias Klose Wed, 24 Jun 2009 10:48:48 +0200 openjdk-6 (6b16~pre4-0ubuntu2) karmic; urgency=low * Update IcedTea build infrastructure (20090623). * Reapply the zero-port-opt patch on armel. * Do not use the IPA Mona font family by default. Closes: #521233. * Build cacao with -fno-strict-aliasing. -- Matthias Klose Tue, 23 Jun 2009 16:23:38 +0200 openjdk-6 (6b16-4) unstable; urgency=medium * Build the zero binary package when building with shark. * Build-depend on cpio. Closes: #532963. -- Matthias Klose Tue, 16 Jun 2009 07:52:19 +0200 openjdk-6 (6b16-3) unstable; urgency=low * Update IcedTea build infrastructure (20090612). * Install the libaccess-bridge-java* symlinks again. * Build zero on ix86 architectures with JIT support (shark). To use the zero build without shark, use the `-Xint' option to operate in interpreted-only mode. -- Matthias Klose Fri, 12 Jun 2009 17:31:34 +0200 openjdk-6 (6b16-2) unstable; urgency=low * Don't install libaccess-bridge-java* symlinks until libaccess-bridge-java-jni is available on all architectures. * Add missing build dependency on cacao-source. -- Matthias Klose Mon, 18 May 2009 14:02:59 +0200 openjdk-6 (6b16-1) unstable; urgency=low * Upload to unstable, based in 6b16 and IcedTea 1.5. -- Matthias Klose Sun, 17 May 2009 23:02:46 +0200 openjdk-6 (6b16~pre3-0ubuntu1) karmic; urgency=low * Update to hotspot hs14b15. * Provide symlink for libjava-access-bridge-jni.so. LP: #375347. -- Matthias Klose Fri, 15 May 2009 00:41:24 +0200 openjdk-6 (6b16~pre2-0ubuntu3) karmic; urgency=low * Update IcedTea build infrastructure (20090513). * Fix build failure when xvfb-run doesn't work, trying to access a non-existing directory. -- Matthias Klose Wed, 13 May 2009 23:01:23 +0200 openjdk-6 (6b16~pre2-0ubuntu2) karmic; urgency=low * Add libffi-dev as architecture independent build dependency. -- Matthias Klose Mon, 11 May 2009 08:41:42 +0200 openjdk-6 (6b16~pre2-0ubuntu1) karmic; urgency=low * Update to re-tagged code drop (b16). * Update IcedTea build infrastructure (20090510). * Remove patches integrated in IcedTea. * Remove GCJ Web Plugin support. * Remove build infrastructure to build additional VM's, integrated in IcedTea. * Stop building the openjdk-6-source-files package. * README.Debian: Document using the different VM's. * Use GCC-4.3 on sparc, ICE with GCC-4.4. * Fix problem with the ARM assembler interpreter, when executing a 'new' bytecode with a double on the top of the stack (Edward Nevill). * Run the testsuite for the zero build on ix86 architectures. -- Matthias Klose