Created by James Westby on 2011-04-08 and last modified on 2012-02-15
Get this branch:
bzr branch lp:ubuntu/maverick-updates/openjdk-6
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Ubuntu branches
Review team:
Ubuntu Development Team

Recent revisions

132. By Steve Beattie on 2012-02-15

* SECURITY UPDATE: update to IcedTea 6 1.9.13
  - Security fixes:
    - S7082299, CVE-2011-3571: Fix in AtomicReferenceArray
    - S7088367, CVE-2011-3563: Fix issues in java sound
    - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager
    - S7110687, CVE-2012-0503: Issues with TimeZone class
    - S7110700, CVE-2012-0505: Enhance exception throwing mechanism
      in ObjectStreamClass
    - S7110704, CVE-2012-0506: Issues with some method in corba
    - S7112642, CVE-2012-0497: Incorrect checking for graphics
      rendering object
    - S7118283, CVE-2012-0501: Better input parameter checking in
      zip file processing
    - S7126960, CVE-2011-5035: (httpserver) Add property to limit
      number of request headers to the HTTP Server
  - Bug fixes:
    - S7102369, RH751203: remove java.rmi.server.codebase property
      parsing from registyimpl
    - S7094468, RH751203: rmiregistry clean up
    - S6851973, PR830: ignore incoming channel binding if acceptor
      does not set one
* drop debian/patches/openjdk-7103725-ssl_beast_regression.patch as
  it's included in the upstream release.

131. By Steve Beattie on 2012-01-20

Add regression fix for broken ssl connectivity when using
TLS_DH_anon_WITH_AES_128_CBC_SHA (LP: #891761)

130. By Steve Beattie on 2011-11-08

* SECURITY UPDATE: Same Origin Policy (SOP) bypass flaw
  - debian/patches/SOP-bypass-icedtea6-1.9.patch: Remove special
    case for SocketPermission.
  - CVE-2011-3377
  - Applied inline due to needing to apply patches only once for netx,
    not for every vm

129. By Steve Beattie on 2011-07-21

* SECURITY UPDATE: information disclosure
  - IcedTea 1.9.9 release:
    + debian/patches/cache-directory-exposed-it6-1.9.patch: don't
      allow unsigned web start applications/applets determine the
      location of the netx cache directory
    + CVE-2011-2513
* drop debian/patches/hotspot-fix_added_define.patch: applied upstream

128. By Steve Beattie on 2011-06-14

* SECURITY UPDATE: IcedTea6 1.9.8 Release:
  - S6213702, CVE-2011-0872: (so) non-blocking sockets with TCP
    urgent disabled get still selected for read ops (win)
  - S6618658, CVE-2011-0865: Vulnerability in deserialization
  - S7012520, CVE-2011-0815: Heap overflow vulnerability in
  - S7013519, CVE-2011-0822, CVE-2011-0862: Integer overflows in
    2D code
  - S7013969, CVE-2011-0867: NetworkInterface.toString can reveal
  - S7013971, CVE-2011-0869: Vulnerability in SAAJ
  - S7016340, CVE-2011-0870: Vulnerability in SAAJ
  - S7016495, CVE-2011-0868: Crash in Java 2D transforming an image
    with scale close to zero
  - S7020198, CVE-2011-0871: ImageIcon creates Component with
    null acc
  - S7020373, CVE-2011-0864: JSR rewriting can overflow memory
    address size variables
* debian/generate_debian_orig.sh: adjust settings to match the
  generation of this update.
* Makefile.{am,in}: don't apply patches/jtreg-LastErrorString.patch as
  it causes the testsuite runner to fail.

127. By Steve Beattie on 2011-02-22

* IcedTea6 1.9.7 release.
    + S4421494, CVE-2010-4476: infinite loop while parsing double literal.
    + S6878713, CVE-2010-4469: Hotspot backward jsr heap corruption
    + S6907662, CVE-2010-4465: Swing timer-based security manager bypass
    + S6994263, CVE-2010-4472: Untrusted code allowed to replace
      DSIG/C14N implementation
    + S6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets
    + S6983554, CVE-2010-4450: Launcher incorrect processing of
      empty library path entries
    + S6985453, CVE-2010-4471: Java2D font-related system property leak
    + S6927050, CVE-2010-4470: JAXP untrusted component state manipulation
    + RH677332, CVE-2011-0706: Multiple signers privilege escalation
  - Bug fixes
    + RH676659: Pass -export-dynamic flag to linker using -Wl,
      as option in gcc 4.6+ is broken
    + G344659: Fix issue when building on SPARC
    + Fix latent JAXP bug caused by missing import
* dropped patch due to different fix applied upstream:
  - debian/patches/hotspot-sparc-fix.diff
* debian/patches/hotspot-fix_added_define.patch: added to fix
  redefinition added by patch for S6878713
* Makefile.{am,in}: don't use stage1 build for zerovm, bootstrap
  zerovm instead to compensate for

126. By Matthias Klose on 2011-01-27

* IcedTea6 1.9.5 release.
  - CVE-2011-0025: IcedTea jarfile signature verification bypass.

125. By Matthias Klose on 2011-01-06

* IcedTea6 1.9.4 release.
  - CVE-2010-4351: IcedTea JNLP SecurityManager bypass.

124. By Matthias Klose on 2010-12-10

* Revert two backports. LP: #688522:
  - S6638712: Inference with wildcard types causes selection of
    inapplicable method.
  - S6650759: Inference of formal type parameter (unused in formal
    parameters) is not performed.

123. By Matthias Klose on 2010-11-21

* IcedTea6 1.9.2 release.
  - CVE-2010-3860: Fix IcedTea System property information leak via
    public static.
* Build using Hotspot hs19.
* Start metacity using dbus-launch, when running the testsuite. LP: #632594.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.