[Branch ~openjdk/openjdk/openjdk8] Rev 694: [ Tiago Stürmer Daitx ]

noreply at launchpad.net noreply at launchpad.net
Mon Jan 23 10:18:31 UTC 2017


------------------------------------------------------------
revno: 694
committer: Matthias Klose <doko at ubuntu.com>
branch nick: openjdk8
timestamp: Mon 2017-01-23 11:17:38 +0100
message:
    [ Tiago Stürmer Daitx ]
    * debian/rules: add -O3 to DEB_CFLAGS_MAINT_STRIP and
      DEB_CXXFLAGS_MAINT_STRIP for dpkg_buildflags_jdk and
      dpkg_buildflags_hs as ppc64le has -O3 by default. LP: #1640845.
    * Update to 8u121-b13, including security fixes.
      - S8165344, CVE-2017-3272: A protected field can be leveraged into type
        confusion.
      - S8167104, CVE-2017-3289: Custom class constructor code can bypass the
        required call to super.init allowing for uninitialized objects to be
        created.
      - S8156802, CVE-2017-3241: RMI deserialization should limit the types
        deserialized to prevent attacks that could escape the sandbox.
      - S8164143, CVE-2017-3260: It is possible to corrupt memory by calling
        dispose() on a CMenuComponent multiple times.
      - S8168714, CVE-2016-5546: ECDSA will accept signatures that have various
        extraneous bytes added to them whereas the signature is supposed to be
        unique.
      - S8166988, CVE-2017-3253: The PNG specification allows the [iz]Txt
        sections to be 2^32-1 bytes long so these should not be uncompressed
        unless the user explicitly requests it.
      - S8168728, CVE-2016-5548: DSA signing exhibits a timing bias that may
        leak information about k.
      - S8168724, CVE-2016-5549: ECDSA signing exhibits a timing bias that may
        leak information about k.
      - S8161743, CVE-2017-3252: LdapLoginModule incorrectly tries to
        deserialize responses from an LDAP server when an LDAP context is
        expected.
      - S8167223, CVE-2016-5552: Parsing of URLs can be inconsistent with how
        users or external applications would interpret them leading to possible
        security issues.
      - S8168705, CVE-2016-5547: A value from an InputStream is read directly
        into the size argument of a new byte[] without validation.
      - S8164147, CVE-2017-3261: An integer overflow exists in
        SocketOutputStream which can lead to memory disclosure.
      - S8151934, CVE-2017-3231: Under some circumstances URLClassLoader will
        dispatch HTTP GET requests where the invoker does not have permission.
      - S8165071, CVE-2016-2183: 3DES can be exploited for block collisions when
        long running sessions are allowed.
    * d/p/8132051-zero.diff: Superseded by upstream fix S8154210; removed.
    * d/p/hotspot-JDK-8158260-ppc64el.patch: Applied upstream; removed.
    * d/p/6926048.diff: Already applied upstream; removed.
    * d/p/jdk-ppc64el-S8170153.patch, d/p/openjdk-ppc64el-S8170153.patch: Improve
      StrictMath performance on ppc64el. LP: #1646927.
    * d/p/jdk-841269-filechooser.patch: Fix FileChooser behavior when displaying
      links to non-existent files. Closes: #841269.
    * Refreshed various patches.
removed:
  debian/patches/6926048.diff
  debian/patches/8132051-zero.diff
  debian/patches/hotspot-JDK-8158260-ppc64el.patch
added:
  debian/patches/jdk-841269-filechooser.patch
  debian/patches/jdk-ppc64el-S8170153.patch
  debian/patches/openjdk-ppc64el-S8170153.patch
  debian/patches/sec-webrev-8u121-aarch64-hotspot-8159507.patch
  debian/patches/sec-webrev-8u121-aarch64-hotspot-8161218.patch
  debian/patches/sec-webrev-8u121-aarch64-hotspot-8167104.patch
modified:
  debian/changelog
  debian/patches/8141491.diff
  debian/patches/aarch64.diff
  debian/patches/adlc-parser.patch
  debian/patches/applet-hole.patch
  debian/patches/autoconf-select.diff
  debian/patches/compare-pointer-with-literal.patch
  debian/patches/default-jvm-cfg-default.diff
  debian/patches/disable-doclint-by-default.diff
  debian/patches/dnd-files.patch
  debian/patches/dont-strip-images.diff
  debian/patches/gcc6.diff
  debian/patches/hotspot-disable-werror.diff
  debian/patches/hotspot-libpath-aarch64.diff
  debian/patches/hotspot-mips-align.diff
  debian/patches/hotspot-no-march-i586.diff
  debian/patches/hotspot-set-compiler.diff
  debian/patches/hotspot-warn-no-errformat.diff
  debian/patches/icc_loading_with_symlink.diff
  debian/patches/icedtea-4953367.patch
  debian/patches/icedtea-override-redirect-compiz.patch
  debian/patches/include-all-srcs.diff
  debian/patches/javadoc-sort-enum-and-annotation-types.diff
  debian/patches/jdk-freetypeScaler-crash.diff
  debian/patches/jdk-getAccessibleValue.diff
  debian/patches/jdk-pulseaudio.diff
  debian/patches/jdk-target-arch-define.diff
  debian/patches/ld-symbolic-functions-default.diff
  debian/patches/libjpeg-fix.diff
  debian/patches/libpcsclite-dlopen.diff
  debian/patches/link-with-as-needed.diff
  debian/patches/m68k-support.diff
  debian/patches/multiple-pkcs11-library-init.patch
  debian/patches/nonreparenting-wm.diff
  debian/patches/pass-extra-flags.diff
  debian/patches/ppc64el.diff
  debian/patches/s390x-thread-stack-size.diff
  debian/patches/sparc-fixes.diff
  debian/patches/system-lcms.diff
  debian/patches/system-libjpeg.diff
  debian/patches/system-libpng.diff
  debian/patches/system-pcsclite.diff
  debian/patches/workaround_expand_exec_shield_cs_limit.diff
  debian/patches/zero-architectures.diff
  debian/patches/zero-fpu-control-is-noop.diff
  debian/patches/zero-missing-headers.diff
  debian/patches/zero-x32.diff
  debian/rules
The size of the diff (2735 lines) is larger than your specified limit of 1000 lines

--
lp:~openjdk/openjdk/openjdk8
https://code.launchpad.net/~openjdk/openjdk/openjdk8
