| Commit message (Collapse) | Author | Age | Files | Lines |
| |
Security fixes
S6727821: Enhance JAAS Configuration
S7068126, CVE-2014-0373: Enhance SNMP statuses
S8010935: Better XML handling
S8011786, CVE-2014-0368: Better applet networking
S8021257, CVE-2013-5896: com.sun.corba.se.** should be on restricted package list
S8022904: Enhance JDBC Parsers
S8022927: Input validation for byte/endian conversions
S8022935: Enhance Apache resolver classes
S8022945: Enhance JNDI implementation classes
S8023057: Enhance start up image display
S8023069, CVE-2014-0411: Enhance TLS connections
S8023245, CVE-2014-0423: Enhance Beans decoding
S8023301: Enhance generic classes
S8023672: Enhance jar file validation
S8024306, CVE-2014-0416: Enhance Subject consistency
S8024530: Enhance font process resilience
S8024867: Enhance logging start up
S8025014: Enhance Security Policy
S8025018, CVE-2014-0376: Enhance JAX-P set up
S8025026, CVE-2013-5878: Enhance canonicalization
S8025034, CVE-2013-5907: Improve layout lookups
S8025448: Enhance listening events
S8025758, CVE-2014-0422: Enhance Naming management
S8025767, CVE-2014-0428: Enhance IIOP Streams
S8026172: Enhance UI Management
S8026176: Enhance document printing
S8026193, CVE-2013-5884: Enhance CORBA stub factories
S8026204: Enhance auth login contexts
S8026417, CVE-2013-5910: Enhance XML canonicalization
S8027201, CVE-2014-0376: Enhance JAX-P set up
(cherry picked from commit 7581d6a08ba8fde796126748121649ac70971f19)
| |
Includes the following security fixes:
S8006900, CVE-2013-3829: Add new date/time capability
S8008589: Better MBean permission validation
S8011071, CVE-2013-5780: Better crypto provider handling
S8011081, CVE-2013-5772: Improve jhat
S8011157, CVE-2013-5814: Improve CORBA portability
S8012071, CVE-2013-5790: Better Building of Beans
S8012147: Improve tool support
S8012277, CVE-2013-5849: Improve AWT DataFlavor
S8012425, CVE-2013-5802: Transform TransformerFactory
S8013503, CVE-2013-5851: Improve stream factories
S8013506: Better Pack200 data handling
S8013510, CVE-2013-5809: Augment image writing code
S8013514: Improve stability of cmap class
S8013739, CVE-2013-5817: Better LDAP resource management
S8013744, CVE-2013-5783: Better tabling for AWT
S8014085: Better serialization support in JMX classes
S8014093, CVE-2013-5782: Improve parsing of images
S8014102, CVE-2013-5778: Improve image conversion
S8014341, CVE-2013-5803: Better service from Kerberos servers
S8014349, CVE-2013-5840: (cl) Class.getDeclaredClass problematic in some class loader configurations
S8014530, CVE-2013-5825: Better digital signature processing
S8014534: Better profiling support
S8014987, CVE-2013-5842: Augment serialization handling
S8015614: Update build settings
S8015731: Subject java.security.auth.subject to improvements
S8015743, CVE-2013-5774: Address internet addresses
S8016256: Make finalization final
S8016653, CVE-2013-5804: javadoc should ignore ignorable characters in names
S8016675, CVE-2013-5797: Make Javadoc pages more robust
S8017196, CVE-2013-5850: Ensure Proxies are handled appropriately
S8017287, CVE-2013-5829: Better resource disposal
S8017291, CVE-2013-5830: Cast Proxies Aside
S8017298, CVE-2013-4002: Better XML support
S8017300, CVE-2013-5784: Improve Interface Implementation
S8017505, CVE-2013-5820: Better Client Service
S8019292: Better Attribute Value Exceptions
S8019617: Better view of objects
S8020293: JVM crash
S8021290, CVE-2013-5823: Better signature validation
S8022940: Enhance CORBA translations
S8023683: Enhance class file parsing
| |
* use --with-pax from upstream instead of our patches
* build without bootstrapping by default to speed up compiles
(define BOOTSTRAP=yes to do bootstrap build with gcj)
| |
* update pkgver to include java version, build and icedtea version
* do not build ecj, instead use the javac from java-gcj-compat
* remove jaxws, jaxp and jaf drop zips as they are not used
* enable x86_64 build again (apparently using java-gcj-compat fixes things)
* minor other clean ups
Includes also security fixes from 1.11.12 (2013-07-10)
- S6741606, CVE-2013-2407: Integrate Apache Santuario
- S7158805, CVE-2013-2445: Better rewriting of nested subroutine calls
- S7170730, CVE-2013-2451: Improve Windows network stack support.
- S8000638, CVE-2013-2450: Improve deserialization
- S8000642, CVE-2013-2446: Better handling of objects for transportation
- S8001032: Restrict object access
- S8001033, CVE-2013-2452: Refactor network address handling in virtual machine identifiers
- S8001034, CVE-2013-1500: Memory management improvements
- S8001038, CVE-2013-2444: Resourcefully handle resources
- S8001043: Clarify definition restrictions
- S8001309: Better handling of annotation interfaces
- S8001318, CVE-2013-2447: Socket.getLocalAddress not consistent with InetAddress.getLocalHost
- S8001330, CVE-2013-2443: Improve on checking order
- S8003703, CVE-2013-2412: Update RMI connection dialog box
- S8004584: Augment applet contextualization
- S8005007: Better glyph processing
- S8006328, CVE-2013-2448: Improve robustness of sound classes
- S8006611: Improve scripting
- S8007467: Improve robustness of JMX internal APIs
- S8007471: Improve MBean notifications
- S8007812, CVE-2013-2455: (reflect) Class.getEnclosingMethod problematic for some classes
- S8008120, CVE-2013-2457: Improve JMX class checking
- S8008124, CVE-2013-2453: Better compliance testing
- S8008128: Better API coherence for JMX
- S8008132, CVE-2013-2456: Better serialization support
- S8008585: Better JMX data handling
- S8008593: Better URLClassLoader resource management
- S8008603: Improve provision of JMX providers
- S8008611: Better handling of annotations in JMX
- S8008615: Improve robustness of JMX internal APIs
- S8008623: Better handling of MBeanServers
- S8008744, CVE-2013-2407: Rework part of fix for JDK-6741606
- S8008982: Adjust JMX for underlying interface changes
- S8009004: Better implementation of RMI connections
- S8009013: Better handling of T2K glyphs
- S8009034: Improve resulting notifications in JMX
- S8009038: Improve JMX notification support
- S8009067: Improve storing keys in KeyStore
- S8009071, CVE-2013-2459: Improve shape handling
- S8009235: Improve handling of TSA data
- S8011243, CVE-2013-2470: Improve ImagingLib
- S8011248, CVE-2013-2471: Better Component Rasters
- S8011253, CVE-2013-2472: Better Short Component Rasters
- S8011257, CVE-2013-2473: Better Byte Component Rasters
- S8012375, CVE-2013-1571: Improve Javadoc framing
- S8012421: Better positioning of PairPositioning
- S8012438, CVE-2013-2463: Better image validation
- S8012597, CVE-2013-2465: Better image channel verification
- S8012601, CVE-2013-2469: Better validation of image layouts
- S8014281, CVE-2013-2461: Better checking of XML signature
- S8015997: Additional improvement in Javadoc framing
| |
does not build
| |
fixes #1801
icedtea6-1.11.11:
RH952389: Temporary files created with insecure permissions
icedtea6-1.11.10:
S6657673, CVE-2013-1518: Issues with JAXP
S7200507: Refactor Introspector internals
S8000724, CVE-2013-2417: Improve networking serialization
S8001031, CVE-2013-2419: Better font processing
S8001040, CVE-2013-1537: Rework RMI model
S8001322: Refactor deserialization
S8001329, CVE-2013-1557: Augment RMI logging
S8003335: Better handling of Finalizer thread
S8003445: Adjust JAX-WS to focus on API
S8003543, CVE-2013-2415: Improve processing of MTOM attachments
S8004261: Improve input validation
S8004336, CVE-2013-2431: Better handling of method handle intrinsic frames
S8004986, CVE-2013-2383: Better handling of glyph table
S8004987, CVE-2013-2384: Improve font layout
S8004994, CVE-2013-1569: Improve checking of glyph table
S8005432: Update access to JAX-WS
S8005943: (process) Improved Runtime.exec
S8006309: More reliable control panel operation
S8006435, CVE-2013-2424: Improvements in JMX
S8006790: Improve checking for windows
S8006795: Improve font warning messages
S8007406: Improve accessibility of AccessBridge
S8007617, CVE-2013-2420: Better validation of images
S8007667, CVE-2013-2430: Better image reading
S8007918, CVE-2013-2429: Better image writing
S8009063, CVE-2013-2426: Improve reliability of ConcurrentHashMap
S8009305, CVE-2013-0401: Improve AWT data transfer
S8009699, CVE-2013-2421: Methodhandle lookup
S8009814, CVE-2013-1488: Better driver management
S8009857, CVE-2013-2422: Problem with plugin
icedtea6-1.11.9:
S8007014, CVE-2013-0809: Improve image handling
S8007675, CVE-2013-1493: Improve color conversion
icedtea6-1.11.8:
S8006446, CVE-2013-1486: Restrict MBeanServer access
S8006777, CVE-2013-0169: Improve TLS handling of invalid messages
S8007688: Blacklist known bad certificate
icedtea6-1.11.7:
(bugfixes only)
icedtea6-1.11.6:
S6563318, CVE-2013-0424: RMI data sanitization
S6664509, CVE-2013-0425: Add logging context
S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time
S6776941, CVE-2013-0427: Improve thread pool shutdown
S7141694, CVE-2013-0429: Improving CORBA internals
S7173145: Improve in-memory representation of splashscreens
S7186945: Unpack200 improvement
S7186946: Refine unpacker resource usage
S7186948: Improve Swing data validation
S7186952, CVE-2013-0432: Improve clipboard access
S7186954: Improve connection performance
S7186957: Improve Pack200 data validation
S7192392, CVE-2013-0443: Better validation of client keys
S7192393, CVE-2013-0440: Better Checking of order of TLS Messages
S7192977, CVE-2013-0442: Issue in toolkit thread
S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective proxies
S7200491: Tighten up JTable layout code
S7200500: Launcher better input validation
S7201064: Better dialogue checking
S7201066, CVE-2013-0441: Change modifiers on unused fields
S7201068, CVE-2013-0435: Better handling of UI elements
S7201070: Serialization to conform to protocol
S7201071, CVE-2013-0433: InetSocketAddress serialization issue
S8000210: Improve JarFile code quality
S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class
S8000540, CVE-2013-1475: Improve IIOP type reuse management
S8000631, CVE-2013-1476: Restrict access to class constructor
S8001235, CVE-2013-0434: Improve JAXP HTTP handling
S8001242: Improve RMI HTTP conformance
S8001307: Modify ACC_SUPER behavior
S8001972, CVE-2013-1478: Improve image processing
S8002325, CVE-2013-1480: Improve management of images
icedtea6-1.11.5:
S6631398, CVE-2012-3216: FilePermission improved path checking
S7093490: adjust package access in rmiregistry
S7143535, CVE-2012-5068: ScriptEngine corrected permissions
S7167656, CVE-2012-5077: Multiple Seeders are being created
S7169884, CVE-2012-5073: LogManager checks do not work correctly for sub-types
S7169888, CVE-2012-5075: Narrowing resource definitions in JMX RMI connector
S7172522, CVE-2012-5072: Improve DomainCombiner checking
S7186286, CVE-2012-5081: TLS implementation to better adhere to RFC
S7189103, CVE-2012-5069: Executors needs to maintain state
S7189490: More improvements to DomainCombiner checking
S7189567, CVE-2012-5085: java net obsolete protocol
S7192975, CVE-2012-5071: Conditional usage check is wrong
S7195194, CVE-2012-5084: Better data validation for Swing
S7195917, CVE-2012-5086: XMLDecoder parsing at close-time should be improved
S7195919, CVE-2012-5979: (sl) ServiceLoader can throw CCE without needing to create instance
S7198296, CVE-2012-5089: Refactor classloader usage
S7158800: Improve storage of symbol tables
S7158801: Improve VM CompileOnly option
S7158804: Improve config file parsing
S7176337: Additional changes needed for 7158801 fix
S7198606, CVE-2012-4416: Improve VM optimization
| |
both libgcj and openjdk6-jre-base provided so:libjvm.so so we mask this
so and deal with it manually
| |
The so version check against the name has become optional and openjdk
needs it.
| |
exclude xawt lib from ldpath search. This is so we avoid duplicate
provides for headless/libmawt.so and xawt/libmawt.so
libmawt should really be a virtual provides but that depends on an
apk info --who-provides feature.
| |
It confuses abuild
| |
Tell abuild to search recursively for .so files
| |
IcedTea 1.11.4
S7162476, CVE-2012-1682: XMLDecoder security issue via ClassFinder
S7163201, CVE-2012-0547: Simplify toolkit internals references
IcedTea 1.11.3
S7079902, CVE-2012-1711: Refine CORBA data models
S7110720: Issue with vm config file loading
S7143606, CVE-2012-1717: File.createTempFile should be improved for temporary files created by the platform.
S7143614, CVE-2012-1716: SynthLookAndFeel stability improvement
S7143617, CVE-2012-1713: Improve fontmanager layout lookup operations
S7143851, CVE-2012-1719: Improve IIOP stub and tie generation in RMIC
S7143872, CVE-2012-1718: Improve certificate extension processing
S7145239: Finetune package definition restriction
S7152811, CVE-2012-1723: Issues in client compiler
S7157609, CVE-2012-1724: Issues with loop
S7160677: missing else in fix for 7152811
S7160757, CVE-2012-1725: Problem with hotspot/runtime_classfile
IcedTea 1.11.1
S7082299, CVE-2011-3571: Fix in AtomicReferenceArray
S7088367, CVE-2011-3563: Fix issues in java sound
S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method
S7110687, CVE-2012-0503: Issues with TimeZone class
S7110700, CVE-2012-0505: Enhance exception throwing mechanism in ObjectStreamClass
S7110704, CVE-2012-0506: Issues with some method in corba
S7112642, CVE-2012-0497: Incorrect checking for graphics rendering object
S7118283, CVE-2012-0501: Better input parameter checking in zip file processing
S7126960, CVE-2011-5035: (httpserver) Add property to limit number of request headers to the HTTP Server
| |
based on openjdk6 b24 14_nov_2011
| |
ca-certificates package
| |
ref #802
icedtea6 1.10.4 includes patches for the following security issues:
CVE-2011-3547: InputStream skip() information leak
CVE-2011-3548: mutable static AWTKeyStroke.ctor
CVE-2011-3551: Java2D TransformHelper integer overflow
CVE-2011-3552: excessive default UDP socket limit under SecurityManager
CVE-2011-3553: JAX-WS stack-traces information leak
CVE-2011-3544: missing SecurityManager checks in scripting engine
CVE-2011-3521: IIOP deserialization code execution
CVE-2011-3554: insufficient pack200 JAR files uncompress error checks
CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
CVE-2011-3558: HotSpot crashes with sigsegv from PorterStemmer
CVE-2011-3556: RMI DGC server remote code execution
CVE-2011-3557: RMI registry privileged code execution
CVE-2011-3560: missing checkSetFactory calls in HttpsURLConnection
CVE-2011-3558: HotSpot crashes with sigsegv from PorterStemmer
icedtea6 1.10.2 security patches (since upgrading from icedtea6 1.10.1):
CVE-2011-0872: (so) non-blocking sockets with TCP urgent disabled get still selected for read ops (win)
CVE-2011-0865: Vulnerability in deserialization
CVE-2011-0815: Heap overflow vulnerability in FileDialog.show()
CVE-2011-0822, CVE-2011-0862: Integer overflows in 2D code
CVE-2011-0867: NetworkInterface.toString can reveal bindings
CVE-2011-0869: Vulnerability in SAAJ
CVE-2011-0870: Vulnerability in SAAJ
CVE-2011-0868: Crash in Java 2D transforming an image with scale close to zero
CVE-2011-0871: ImageIcon creates Component with null acc
CVE-2011-0864: JSR rewriting can overflow memory address size variables