Created by Matthias Klose on 2010-07-13 and last modified on 2017-08-23
Get this branch:
bzr branch lp:~openjdk/openjdk/openjdk7
Members of OpenJDK can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information


Recent revisions

616. By Matthias Klose on 2017-08-23

 - 7u151-2.6.11 upload

615. By Matthias Klose on 2017-05-20

openjdk-7 (7u131-2.6.9-3) experimental; urgency=medium

  * Only include the failing tests in the packages, not the whole test world.
  * openjdk-7-jdk: Provide openjdk-7-jdk-headless.

 -- Matthias Klose <email address hidden> Sat, 20 May 2017 15:52:17 -0700

614. By Matthias Klose on 2017-05-17

openjdk-7 (7u131-2.6.9-2) experimental; urgency=high

  [ Tiago Stürmer Daitx ]
  * Fix JDK regression introduced by 7u131 upgrade: (LP: #1691126)
    - d/p/jdk-S8173783-fix-illegalargumentexception-regression.patch:
      fix "IllegalArgumentException: jdk.tls.namedGroups" backported
      from http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/f5d0aadb4d1c

 -- Matthias Klose <email address hidden> Tue, 16 May 2017 21:42:12 -0700

613. By Matthias Klose on 2017-05-16

openjdk-7 (7u131-2.6.9-1) experimental; urgency=high

  [ Tiago Stürmer Daitx ]
  * IcedTea release 2.6.9 (based on 7u131):
  * Security fixes
    - S8167110, CVE-2017-3514: Windows peering issue.
    - S8163528, CVE-2017-3511: Better library loading.
    - S8169011, CVE-2017-3526: Resizing XML parse trees.
    - S8163520, CVE-2017-3509: Reuse cache entries.
    - S8171533, CVE-2017-3544: Better email transfer.
    - S8170222, CVE-2017-3533: Better transfers of files.
    - S8171121, CVE-2017-3539: Enhancing jar checking.
    - S8172299: Improve class processing.
  * debian/compat: updated from 5 to 9.
  * debian/watch: using watch version 4 to download both icedtea and
    icedtea-sound. LP: #1642420.
  * debian/repack: simplified tarball download.
  * debian/rules:
    - removed 8u121 patches as they have been applied to 7u131.
    - building icedtea-sound on build/ directory
    - replaced 'dh_strip -k' calls by dh_prep
    - have the 'build' rule depend on 'debian/control' rule to force
      failure if debian/control gets regenerated.
    - added file 'security/blacklisted.cert' to be copied to etc dir
      (introduced by S8011402).
    - simplified build dependencies.
    - removed jtreg's xvfb-run call since icedtea takes care of calling it.
    - removed window manager as there are no additional significant failures
      on the jdk tests when not running one.
    - re-enabled jdk jtreg tests.
    - removed lpia arch.
    - use fonts-wqy-microhei and fonts-wqy-zenhei instead of transitional
      package names.
    - drop Recommends on obsolete GNOME libraries so they are not in a
      default GNOME desktop installation (Simon McVittie). Closes: #850270.
      + sun.net.spi.DefaultProxySelector prefers libglib2.0-0 (>= 2.24)
        over obsolete libgconf2-4.
      + sun.nio.fs.GnomeFileTypeDetector prefers libglib2.0-0 (>= 2.24)
        over libgnomevfs-2-0.
      + sun.xawt.awt_Desktop prefers libgtk2.0-0 (>= 2.14) over
  * debian/control.in: added static build dependencies as their previous
    selection logic in debian/rules is no longer required.
  * debian/control: regenerated.
  * debian/patches/icedtea-sound.diff: removed, now packing icedtea-sound
    1.0.1 which includes those fixes.
  * debian/upstream/signing-key.asc: add new signing key.

  [ Matthias Klose ]
  * Remove obsolete changelog entries from previous release.

 -- Matthias Klose <email address hidden> Tue, 16 May 2017 13:49:35 -0700

612. By Matthias Klose on 2017-02-08

  * Remove obsolete changelog entries from previous release.

611. By Matthias Klose on 2017-02-08

  * Remove obsolete changelog entries from previous release.

610. By Matthias Klose on 2017-02-08

openjdk-7 (7u121-2.6.8-2) experimental; urgency=high

  [ Tiago Stürmer Daitx ]
  * Security fixes from 8u121:
    - S8167104, CVE-2017-3289: Custom class constructor code can bypass the
      required call to super.init allowing for uninitialized objects to be
    - S8164143, CVE-2017-3260: It is possible to corrupt memory by calling
      dispose() on a CMenuComponentmultiple times.
    - S8168714, CVE-2016-5546: ECDSA will accept signatures that have various
      extraneous bytes added to them whereas the signature is supposed to be
    - S8166988, CVE-2017-3253: The PNG specification allows the [iz}Txt
      sections to be 2^32-1 bytes long so these should not be uncompressed
      unless the user explicitly requests it.
    - S8168728, CVE-2016-5548: DSA signing exhibits a timing bias that may
      leak information about k.
    - S8161743, CVE-2017-3252: LdapLoginModule incorrectly tries to
      deserialize responses from an LDAP server when an LDAP context is
    - S8167223, CVE-2016-5552: Parsing of URLs can be inconsistent with how
      users or external applications would interpret them leading to possible
      security issues.
    - S8168705, CVE-2016-5547: A value from an InputStream is read directly
      into the size argument of a new byte[] without validation.
    - S8164147, CVE-2017-3261: An integer overflow exists in
      SocketOutputStream which can lead to memorydisclosure.
    - S8151934, CVE-2017-3231: Under some circumstances URLClassLoader will
      dispatch HTTP GET requests where the invoker does not have permission.
    - S8165071, CVE-2016-2183: 3DES can be exploited for block collisions when
      long running sessions are allowed.
  * Missing
    - S8165344, CVE-2017-3272: A protected field can be leveraged into type
    - S8156802, CVE-2017-3241: RMI deserialization should limit the types
      deserialized to prevent attacks that could escape the sandbox.
  * Ignored
    - S8168724, CVE-2016-5549: ECDSA signing exhibits a timing bias that may
      leak information about k.

 -- Matthias Klose <email address hidden> Tue, 07 Feb 2017 11:09:39 +0100

609. By Matthias Klose on 2017-02-07

openjdk-7 (7u121-2.6.8-1) experimental; urgency=medium

  * IcedTea release 2.6.8 (based on 7u121):

 -- Matthias Klose <email address hidden> Mon, 14 Nov 2016 13:38:40 +0100

608. By Matthias Klose on 2016-11-14

 - upload 7u111-2.6.7-3

607. By Matthias Klose on 2016-11-05

  [ Tiago Stürmer Daitx ]
  * Don't use precompiled header files on arm64.
  * Update the sec-webrev-8u111-S8159503.hotspot patch.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.