/hg/icedtea7: Add latest release notes for 2.3.6, 2.1.5 & 2.2.5.

andrew at icedtea.classpath.org andrew at icedtea.classpath.org
Wed Feb 13 18:19:37 PST 2013 

changeset a506120a631e in /hg/icedtea7
details: http://icedtea.classpath.org/hg/icedtea7?cmd=changeset;node=a506120a631e
author: Andrew John Hughes <gnu_andrew at member.fsf.org>
date: Thu Feb 14 02:19:27 2013 +0000

	Add latest release notes for 2.3.6, 2.1.5 & 2.2.5.

	2013-02-14  Andrew John Hughes  <gnu_andrew at member.fsf.org>

		* NEWS: Add release notes for 2.3.6, 2.1.5 &
		2.2.5.


diffstat:

 ChangeLog |    5 +
 NEWS      |  191 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 195 insertions(+), 1 deletions(-)

diffs (220 lines):

diff -r e342c6b2cbc0 -r a506120a631e ChangeLog
--- a/ChangeLog	Thu Jan 17 00:39:24 2013 +0000
+++ b/ChangeLog	Thu Feb 14 02:19:27 2013 +0000
@@ -1,3 +1,8 @@
+2013-02-14  Andrew John Hughes  <gnu_andrew at member.fsf.org>
+
+	* NEWS: Add release notes for 2.3.6, 2.1.5 &
+	2.2.5.
+
 2013-01-16  Andrew John Hughes  <gnu_andrew at member.fsf.org>
 
 	* acinclude.m4:
diff -r e342c6b2cbc0 -r a506120a631e NEWS
--- a/NEWS	Thu Jan 17 00:39:24 2013 +0000
+++ b/NEWS	Thu Feb 14 02:19:27 2013 +0000
@@ -10,7 +10,7 @@
 
 CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
 
-New in release 2.4 (2012-XX-XX):
+New in release 2.4.0 (2012-XX-XX):
 
 OpenJDK
   - PR1209, S7170638: Use DTRACE_PROBE[N] in JNI Set and SetStatic Field.
@@ -679,6 +679,195 @@
   - Set UNLIMITED_CRYPTO=true to ensure we use the unlimited policy.
   - Set handleStartupErrors to ignoreMultipleInitialisation in nss.cfg to fix PR473
 
+New in release 2.1.5 (2013-02-13):
+
+* Security fixes
+  - S6563318, CVE-2013-0424: RMI data sanitization
+  - S6664509, CVE-2013-0425: Add logging context
+  - S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time
+  - S6776941: CVE-2013-0427: Improve thread pool shutdown
+  - S7141694, CVE-2013-0429: Improving CORBA internals
+  - S7173145: Improve in-memory representation of splashscreens
+  - S7186945: Unpack200 improvement
+  - S7186946: Refine unpacker resource usage
+  - S7186948: Improve Swing data validation
+  - S7186952, CVE-2013-0432: Improve clipboard access
+  - S7186954: Improve connection performance
+  - S7186957: Improve Pack200 data validation
+  - S7192392, CVE-2013-0443: Better validation of client keys
+  - S7192393, CVE-2013-0440: Better Checking of order of TLS Messages
+  - S7192977, CVE-2013-0442: Issue in toolkit thread
+  - S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective proxies
+  - S7200491: Tighten up JTable layout code
+  - S7200493, CVE-2013-0444: Improve cache handling
+  - S7200499: Better data validation for options
+  - S7200500: Launcher better input validation
+  - S7201064: Better dialogue checking
+  - S7201066, CVE-2013-0441: Change modifiers on unused fields
+  - S7201068, CVE-2013-0435: Better handling of UI elements
+  - S7201070: Serialization to conform to protocol
+  - S7201071, CVE-2013-0433: InetSocketAddress serialization issue
+  - S8000210: Improve JarFile code quality
+  - S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class
+  - S8000539, CVE-2013-0431: Introspect JMX data handling
+  - S8000540, CVE-2013-1475: Improve IIOP type reuse management
+  - S8000631, CVE-2013-1476: Restrict access to class constructor
+  - S8001235, CVE-2013-0434: Improve JAXP HTTP handling
+  - S8001242: Improve RMI HTTP conformance
+  - S8001307: Modify ACC_SUPER behavior
+  - S8001972, CVE-2013-1478: Improve image processing
+  - S8002325, CVE-2013-1480: Improve management of images
+* Backports
+  - S7054590: (JSR-292) MethodHandleProxies.asInterfaceInstance() accepts private/protected nested interfaces
+  - S7175616: Port fix for TimeZone from JDK 8 to JDK 7
+  - S8002068: Build broken: corba code changes unable to use new JDK 7 classes
+  - S8004341: Two JCK tests fails with 7u11 b06
+  - S8005615: Java Logger fails to load tomcat logger implementation (JULI)
+
+New in release 2.2.5 (2013-02-13):
+
+* Security fixes
+  - S6563318, CVE-2013-0424: RMI data sanitization
+  - S6664509, CVE-2013-0425: Add logging context
+  - S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time
+  - S6776941: CVE-2013-0427: Improve thread pool shutdown
+  - S7141694, CVE-2013-0429: Improving CORBA internals
+  - S7173145: Improve in-memory representation of splashscreens
+  - S7186945: Unpack200 improvement
+  - S7186946: Refine unpacker resource usage
+  - S7186948: Improve Swing data validation
+  - S7186952, CVE-2013-0432: Improve clipboard access
+  - S7186954: Improve connection performance
+  - S7186957: Improve Pack200 data validation
+  - S7192392, CVE-2013-0443: Better validation of client keys
+  - S7192393, CVE-2013-0440: Better Checking of order of TLS Messages
+  - S7192977, CVE-2013-0442: Issue in toolkit thread
+  - S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective proxies
+  - S7200491: Tighten up JTable layout code
+  - S7200493, CVE-2013-0444: Improve cache handling
+  - S7200499: Better data validation for options
+  - S7200500: Launcher better input validation
+  - S7201064: Better dialogue checking
+  - S7201066, CVE-2013-0441: Change modifiers on unused fields
+  - S7201068, CVE-2013-0435: Better handling of UI elements
+  - S7201070: Serialization to conform to protocol
+  - S7201071, CVE-2013-0433: InetSocketAddress serialization issue
+  - S8000210: Improve JarFile code quality
+  - S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class
+  - S8000539, CVE-2013-0431: Introspect JMX data handling
+  - S8000540, CVE-2013-1475: Improve IIOP type reuse management
+  - S8000631, CVE-2013-1476: Restrict access to class constructor
+  - S8001235, CVE-2013-0434: Improve JAXP HTTP handling
+  - S8001242: Improve RMI HTTP conformance
+  - S8001307: Modify ACC_SUPER behavior
+  - S8001972, CVE-2013-1478: Improve image processing
+  - S8002325, CVE-2013-1480: Improve management of images
+* Backports
+  - S7175616: Port fix for TimeZone from JDK 8 to JDK 7
+  - S8002068: Build broken: corba code changes unable to use new JDK 7 classes
+  - S8004341: Two JCK tests fails with 7u11 b06
+  - S8005615: Java Logger fails to load tomcat logger implementation (JULI)
+
+New in release 2.3.6 (2013-02-12):
+
+* Security fixes
+  - S6563318, CVE-2013-0424: RMI data sanitization
+  - S6664509, CVE-2013-0425: Add logging context
+  - S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time
+  - S6776941: CVE-2013-0427: Improve thread pool shutdown
+  - S7141694, CVE-2013-0429: Improving CORBA internals
+  - S7173145: Improve in-memory representation of splashscreens
+  - S7186945: Unpack200 improvement
+  - S7186946: Refine unpacker resource usage
+  - S7186948: Improve Swing data validation
+  - S7186952, CVE-2013-0432: Improve clipboard access
+  - S7186954: Improve connection performance
+  - S7186957: Improve Pack200 data validation
+  - S7192392, CVE-2013-0443: Better validation of client keys
+  - S7192393, CVE-2013-0440: Better Checking of order of TLS Messages
+  - S7192977, CVE-2013-0442: Issue in toolkit thread
+  - S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective proxies
+  - S7200491: Tighten up JTable layout code
+  - S7200493, CVE-2013-0444: Improve cache handling
+  - S7200499: Better data validation for options
+  - S7200500: Launcher better input validation
+  - S7201064: Better dialogue checking
+  - S7201066, CVE-2013-0441: Change modifiers on unused fields
+  - S7201068, CVE-2013-0435: Better handling of UI elements
+  - S7201070: Serialization to conform to protocol
+  - S7201071, CVE-2013-0433: InetSocketAddress serialization issue
+  - S8000210: Improve JarFile code quality
+  - S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class
+  - S8000539, CVE-2013-0431: Introspect JMX data handling
+  - S8000540, CVE-2013-1475: Improve IIOP type reuse management
+  - S8000631, CVE-2013-1476: Restrict access to class constructor
+  - S8001235, CVE-2013-0434: Improve JAXP HTTP handling
+  - S8001242: Improve RMI HTTP conformance
+  - S8001307: Modify ACC_SUPER behavior
+  - S8001972, CVE-2013-1478: Improve image processing
+  - S8002325, CVE-2013-1480: Improve management of images
+* Backports
+  - S7057320: test/java/util/concurrent/Executors/AutoShutdown.java failing intermittently
+  - S7083664: TEST_BUG: test hard code of using c:/temp but this dir might not exist
+  - S7107613: scalability blocker in javax.crypto.CryptoPermissions
+  - S7107616: scalability blocker in javax.crypto.JceSecurityManager
+  - S7146424: Wildcard expansion for single entry classpath
+  - S7160609: [macosx] JDK crash in libjvm.dylib ( C [GeForceGLDriver+0x675a] gldAttachDrawable+0x941)
+  - S7160951: [macosx] ActionListener called twice for JMenuItem using ScreenMenuBar
+  - S7162488: VM not printing unknown -XX options
+  - S7169395: Exception throws due to the changes in JDK 7 object tranversal and break backward compatibility
+  - S7175616: Port fix for TimeZone from JDK 8 to JDK 7
+  - S7176485: (bf) Allow temporary buffer cache to grow to IOV_MAX
+  - S7179908: Fork hs23.3 hsx from hs22.2 for jdk7u7 and reinitialize build number
+  - S7184326: TEST_BUG: java/awt/Frame/7024749/bug7024749.java has a typo
+  - S7185245: Licensee source bundle tries to compile JFR
+  - S7185471: Avoid key expansion when AES cipher is re-init w/ the same key
+  - S7186371: [macosx] Main menu shortcuts not displayed (7u6 regression)
+  - S7187834: [macosx] Usage of private API in macosx 2d implementation causes Apple Store rejection
+  - S7188114: (launcher) need an alternate command line parser for Windows
+  - S7189136: Fork hs23.5 hsx from hs23.4 for jdk7u9 and reinitialize build number
+  - S7189350: Fix failed for CR 7162144
+  - S7190550: REGRESSION: Some closed/com/oracle/jfr/api tests fail to compile becuse of fix 7185245
+  - S7193219: JComboBox serialization fails in JDK 1.7
+  - S7193977: REGRESSION:Java 7's JavaBeans persistence ignoring the "transient" flag on properties
+  - S7195106: REGRESSION : There is no way to get Icon inf, once Softreference is released
+  - S7195301: XML Signature DOM implementation should not use instanceof to determine type of Node
+  - S7195931: UnsatisfiedLinkError on PKCS11.C_GetOperationState while using NSS from jre7u6+
+  - S7197071: Makefiles for various security providers aren't including the default manifest.
+  - S7197652: Impossible to run any signed JNLP applications or applets, OCSP off by default
+  - S7198146: Another new regression test does not compile on windows-amd64
+  - S7198570: (tz) Support tzdata2012f
+  - S7198640: new hotspot build - hs23.6-b04
+  - S7199488: [TEST] runtime/7158800/InternTest.java failed due to false-positive on PID match.
+  - S7199645: Increment build # of hs23.5 to b02
+  - S7199669: Update tags in .hgtags file for CPU release rename
+  - S7200720: crash in net.dll during NTLM authentication
+  - S7200742: (se) Selector.select does not block when starting Coherence (sol11u1)
+  - S7200762: [macosx] Stuck in sun.java2d.opengl.CGLGraphicsConfig.getMaxTextureSize(Native Method)
+  - S8000285: Deadlock between PostEventQueue.noEvents, EventQueue.isDispatchThread and SwingUtilities.invokeLater
+  - S8000286: [macosx] Views keep scrolling back to the drag position after DnD
+  - S8000297: REGRESSION: closed/java/awt/EventQueue/PostEventOrderingTest.java fails
+  - S8000307: Jre7cert: focusgained does not get called for all focus req when do alt + tab
+  - S8000822: Fork hs23.7 hsx from hs23.6 for jdk7u11 and reinitialize build number
+  - S8001124: jdk7u ProblemList.txt updates (10/2012)
+  - S8001242: Improve RMI HTTP conformance
+  - S8001808: Create a test for 8000327
+  - S8001876: Create regtest for 8000283
+  - S8002068: Build broken: corba code changes unable to use new JDK 7 classes
+  - S8002091: tools/launcher/ToolsOpts.java test started to fail since 7u11 b01 on Windows
+  - S8002114: fix failed for JDK-7160951: [macosx] ActionListener called twice for JMenuItem using ScreenMenuBar
+  - S8002225: (tz) Support tzdata2012i
+  - S8003402: (dc) test/java/nio/channels/DatagramChannel/SendToUnresovled.java failing after 7u11 cleanup issues
+  - S8003403: Test ShortRSAKeyWithinTLS and ClientJSSEServerJSSE failing after 7u11 cleanup
+  - S8003948: NTLM/Negotiate authentication problem
+  - S8004175: Restricted packages added in java.security are missing in java.security-{macosx, solaris, windows}
+  - S8004302: javax/xml/soap/Test7013971.java fails since jdk6u39b01
+  - S8004341: Two JCK tests fails with 7u11 b06
+  - S8005615: Java Logger fails to load tomcat logger implementation (JULI)
+* Bug fixes
+  - Fix build using Zero's HotSpot so all patches apply again.
+  - PR1295: jamvm parallel unpack failure
+
 New in release 2.3.4 (2013-01-15):
 
 * Security fixes

More information about the distro-pkg-dev mailing list