------------------------------------------------------------
revno: 603
committer: Matthias Klose <d...@ubuntu.com>
branch nick: openjdk7
timestamp: Wed 2016-05-04 19:29:22 +0200
message:
openjdk-7 (7u101-2.6.6-1) experimental; urgency=medium
[ Tiago Stürmer Daitx ]
* IcedTea release 2.6.6 (based on 7u101):
* Security fixes
- S8129952, CVE-2016-0686: Ensure thread consistency
- S8132051, CVE-2016-0687: Better byte behavior
- S8138593, CVE-2016-0695: Make DSA more fair
- S8139008: Better state table management
- S8143167, CVE-2016-3425: Better buffering of XML strings
- S8144430, CVE-2016-3427: Improve JMX connections
- S8146494: Better ligature substitution
- S8146498: Better device table adjustments
* debian/patches/jdk-8152335-improve-methodhandle-consistency.patch:
removed, fix is upstream since 2.6.5
[ Matthias Klose ]
* Fix handling of /usr/lib/jvm/*/jre/lib/zi if internal tzdata is used
(Andreas
Beckmann). Closes: #821858.
-- Matthias Klose <d...@ubuntu.com> Fri, 22 Apr 2016 21:14:22 +0200
removed:
patches/jdk-8152335-improve-methodhandle-consistency.patch
modified:
JB-jre-headless.postinst.in
JB-jre-headless.preinst.in
changelog
control
control.in
generate-debian-orig.sh
patches/it-jamvm-2.0.diff
patches/it-set-compiler.diff
rules
--
lp:~openjdk/openjdk/openjdk7
https://code.launchpad.net/~openjdk/openjdk/openjdk7
Your team Debian Java Maintainers is subscribed to branch
lp:~openjdk/openjdk/openjdk7.
To unsubscribe from this branch go to
https://code.launchpad.net/~openjdk/openjdk/openjdk7/+edit-subscription
=== modified file 'JB-jre-headless.postinst.in'
--- JB-jre-headless.postinst.in 2013-11-24 19:23:07 +0000
+++ JB-jre-headless.postinst.in 2016-05-04 17:29:22 +0000
@@ -3,6 +3,7 @@
set -e
multiarch=@multiarch@
+with_tzdata=@with_tzdata@
priority=@priority@
basedir=/@basedir@
mandir=$basedir/jre/man
@@ -132,7 +133,7 @@
rm -f $log
esac
- if [ -n "$multiarch" ]; then
+ if [ "$with_tzdata" = yes ] && [ -n "$multiarch" ]; then
if [ ! -h /@basedir@/jre/lib/zi ] && [ -d /@basedir@/jre/lib/zi ]; then
rm -rf /@basedir@/jre/lib/zi
ln -s ../../../../../share/javazi /@basedir@/jre/lib/zi
=== modified file 'JB-jre-headless.preinst.in'
--- JB-jre-headless.preinst.in 2013-11-24 19:23:07 +0000
+++ JB-jre-headless.preinst.in 2016-05-04 17:29:22 +0000
@@ -7,6 +7,7 @@
fi
multiarch=@multiarch@
+with_tzdata=@with_tzdata@
basedir=/@basedir@
old_basedir=/usr/lib/jvm/java-7-openjdk
jre_tools='java keytool pack200 rmid rmiregistry unpack200 orbd servertool tnameserv'
@@ -29,6 +30,13 @@
fi
fi
fi
+
+ # upgrading from a version that used the timezone files from tzdata-java
+ if [ "$with_tzdata" != yes ] && [ -n "$multiarch" ]; then
+ if [ -h /@basedir@/jre/lib/zi ]; then
+ rm -f /@basedir@/jre/lib/zi
+ fi
+ fi
;;
esac
=== modified file 'changelog'
--- changelog 2016-04-22 19:21:50 +0000
+++ changelog 2016-05-04 17:29:22 +0000
@@ -1,3 +1,25 @@
+openjdk-7 (7u101-2.6.6-1) experimental; urgency=medium
+
+ [ Tiago Stürmer Daitx ]
+ * IcedTea release 2.6.6 (based on 7u101):
+ * Security fixes
+ - S8129952, CVE-2016-0686: Ensure thread consistency
+ - S8132051, CVE-2016-0687: Better byte behavior
+ - S8138593, CVE-2016-0695: Make DSA more fair
+ - S8139008: Better state table management
+ - S8143167, CVE-2016-3425: Better buffering of XML strings
+ - S8144430, CVE-2016-3427: Improve JMX connections
+ - S8146494: Better ligature substitution
+ - S8146498: Better device table adjustments
+ * debian/patches/jdk-8152335-improve-methodhandle-consistency.patch:
+ removed, fix is upstream since 2.6.5
+
+ [ Matthias Klose ]
+ * Fix handling of /usr/lib/jvm/*/jre/lib/zi if internal tzdata is used (Andreas
+ Beckmann). Closes: #821858.
+
+ -- Matthias Klose <d...@ubuntu.com> Fri, 22 Apr 2016 21:14:22 +0200
+
openjdk-7 (7u95-2.6.4-3) experimental; urgency=medium
[ Tiago Stürmer Daitx ]
=== modified file 'control'
--- control 2015-12-13 13:39:09 +0000
+++ control 2016-05-04 17:29:22 +0000
@@ -1,7 +1,8 @@
Source: openjdk-7
Section: java
Priority: optional
-Maintainer: OpenJDK Team <open...@lists.launchpad.net>
+Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com>
+XSBC-Original-Maintainer: OpenJDK Team <open...@lists.launchpad.net>
Uploaders: Matthias Klose <d...@ubuntu.com>, Damien Raude-Morvan <draz...@debian.org>
Build-Depends: debhelper (>= 5),
m4, lsb-release, wget, zip, unzip, sharutils,
=== modified file 'control.in'
--- control.in 2015-12-13 13:39:09 +0000
+++ control.in 2016-05-04 17:29:22 +0000
@@ -1,7 +1,8 @@
Source: @basename@
Section: java
Priority: optional
-Maintainer: OpenJDK Team <open...@lists.launchpad.net>
+Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com>
+XSBC-Original-Maintainer: OpenJDK Team <open...@lists.launchpad.net>
Uploaders: Matthias Klose <d...@ubuntu.com>, Damien Raude-Morvan <draz...@debian.org>
Build-Depends: debhelper (>= 5),
m4, lsb-release, wget, zip, unzip, sharutils,
=== modified file 'generate-debian-orig.sh'
--- generate-debian-orig.sh 2015-11-26 20:30:42 +0000
+++ generate-debian-orig.sh 2016-05-04 17:29:22 +0000
@@ -1,21 +1,30 @@
#!/bin/sh
+# all directories are relative to the current dir
+
tarballs="corba.tar.bz2 hotspot.tar.bz2 jaxp.tar.bz2 jaxws.tar.bz2 jdk.tar.bz2 langtools.tar.bz2 openjdk.tar.bz2"
-# AArch64 hotspot
-aarch64_hsname=hotspot-aarch64
-#tarballs="$tarballs $aarch64_hsname.tar.bz2"
tarballs="$tarballs icedtea-sound.tar.gz"
jamvmtb=jamvm-2.0.0.tar.gz
cacaotb=cacao-c182f119eaad.tar.gz
-tarballdir=7u91
-version=7u91-2.6.3
+
+# tarballs location
+tarballdir=7u101
+
+# icedtea upstream location (as extracted from icedtea's tarball)
+icedtea_checkout=icedtea-2.6.6
+
+# openjdk's debian location (usually fetched from bzr or the latest openjdk)
+debian_checkout=openjdk7
+
base=openjdk-7
+version=7u101-2.6.6
+
+# output directory
pkgdir=$base-$version
+
+# new orig file
origtar=${base}_${version}.orig.tar.gz
-icedtea_checkout=icedtea-2.6.3
-debian_checkout=openjdk7
-
if [ -d $pkgdir ]; then
echo directory $pkgdir already exists
exit 1
=== modified file 'patches/it-jamvm-2.0.diff'
--- patches/it-jamvm-2.0.diff 2016-04-22 19:21:50 +0000
+++ patches/it-jamvm-2.0.diff 2016-05-04 17:29:22 +0000
@@ -1,5 +1,7 @@
---- openjdk-7-7u95-2.6.4.orig/Makefile.am
-+++ openjdk-7-7u95-2.6.4/Makefile.am
+Index: b/Makefile.am
+===================================================================
+--- a/Makefile.am 2016-04-22 14:30:30.947084691 -0300
++++ b/Makefile.am 2016-04-22 14:30:30.943084642 -0300
@@ -26,8 +26,8 @@
CACAO_SRC_ZIP = cacao-$(CACAO_VERSION).tar.gz
CACAO_URL = $(CACAO_BASE_URL)/$(CACAO_SRC_ZIP)
@@ -11,16 +13,16 @@
JAMVM_BASE_URL = $(DROP_URL)/jamvm
JAMVM_URL = $(JAMVM_BASE_URL)/jamvm-$(JAMVM_VERSION).tar.gz
JAMVM_SRC_ZIP = jamvm-$(JAMVM_VERSION).tar.gz
-@@ -400,8 +400,6 @@
+@@ -401,8 +401,6 @@
if BUILD_JAMVM
ICEDTEA_PATCHES += \
- patches/jamvm/find_class_from_caller.patch \
- patches/jamvm/pr2172-tempdir.patch \
- patches/jamvm/noexecstack.patch
+ patches/jamvm/noexecstack.patch \
+ patches/jamvm/pr2665.patch
endif
-
-@@ -413,6 +411,11 @@
+@@ -415,6 +413,11 @@
ICEDTEA_PATCHES += patches/rh1022017.patch
endif
@@ -32,7 +34,7 @@
ICEDTEA_PATCHES += $(DISTRIBUTION_PATCHES)
# Bootstrapping patches
-@@ -2368,7 +2371,7 @@
+@@ -2370,7 +2373,7 @@
stamps/jamvm.stamp: $(OPENJDK_TREE) stamps/rt.stamp
if BUILD_JAMVM
cd jamvm/jamvm && \
@@ -41,8 +43,10 @@
--prefix=$(abs_top_builddir)/jamvm/install \
CFLAGS='$(EXTRA_CFLAGS_JAMVM)' LDFLAGS='$(EXTRA_LDFLAGS_JAMVM)' CPPFLAGS='$(EXTRA_CPPFLAGS_JAMVM)' CXXFLAGS='$(EXTRA_CXXFLAGS_JAMVM)'; \
$(MAKE) ; \
---- /dev/null
-+++ openjdk-7-7u95-2.6.4/patches/jamvm-2.5.3-fix.diff
+Index: b/patches/jamvm-2.5.3-fix.diff
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ b/patches/jamvm-2.5.3-fix.diff 2016-04-22 14:30:30.943084642 -0300
@@ -0,0 +1,76 @@
+--- jamvm/jamvm-2.0.0/src/classlib/openjdk/jvm.c
++++ jamvm/jamvm-2.0.0/src/classlib/openjdk/jvm.c
=== modified file 'patches/it-set-compiler.diff'
--- patches/it-set-compiler.diff 2016-04-22 19:21:50 +0000
+++ patches/it-set-compiler.diff 2016-05-04 17:29:22 +0000
@@ -2,13 +2,15 @@
Author: Matthias Klose <d...@ubuntu.com>
Forwarded: #openjdk on OFTC
---- openjdk-7-7u95-2.6.4.orig/Makefile.am
-+++ openjdk-7-7u95-2.6.4/Makefile.am
-@@ -616,6 +616,7 @@
+Index: b/Makefile.am
+===================================================================
+--- a/Makefile.am 2016-04-22 14:27:57.520981863 -0300
++++ b/Makefile.am 2016-04-22 14:27:57.516981802 -0300
+@@ -618,6 +618,7 @@
VERBOSE="$(VERBOSE)" \
STATIC_CXX="false" \
BUILD_GCC="$(CC)" \
+ BUILD_CPP="$(CXX)" \
BUILD_CXX="$(CXX)" \
- SYSTEM_CUPS="true" \
+ SYSTEM_CUPS="${ENABLE_SYSTEM_CUPS}" \
CUPS_LIBS="${CUPS_LIBS}" \
=== removed file 'patches/jdk-8152335-improve-methodhandle-consistency.patch'
--- patches/jdk-8152335-improve-methodhandle-consistency.patch 2016-04-22 19:21:50 +0000
+++ patches/jdk-8152335-improve-methodhandle-consistency.patch 1970-01-01 00:00:00 +0000
@@ -1,177 +0,0 @@
-# HG changeset patch
-# User poonam
-# Date 1458593316 25200
-# Mon Mar 21 13:48:36 2016 -0700
-# Node ID 8b0a075978f66e873d34258b0d6680320aa86f45
-# Parent c69b0765755e604a01d5802df49fbb9e9f8b3327
-8152335: Improve MethodHandle consistency
-Reviewed-by: vlivanov, acorn, jrose
-
-diff --git openjdk/jdk/src/share/classes/java/lang/ClassLoader.java openjdk/jdk/src//share/classes/java/lang/ClassLoader.java
---- openjdk/jdk/src/share/classes/java/lang/ClassLoader.java
-+++ openjdk/jdk/src/share/classes/java/lang/ClassLoader.java
-@@ -654,6 +654,9 @@
- if (!checkName(name))
- throw new NoClassDefFoundError("IllegalName: " + name);
-
-+ // Note: Checking logic in java.lang.invoke.MemberName.checkForTypeAlias
-+ // relies on the fact that spoofing is impossible if a class has a name
-+ // of the form "java.*"
- if ((name != null) && name.startsWith("java.")) {
- throw new SecurityException
- ("Prohibited package name: " +
-diff --git openjdk/jdk/src/share/classes/java/lang/invoke/MemberName.java openjdk/jdk/src//share/classes/java/lang/invoke/MemberName.java
---- openjdk/jdk/src/share/classes/java/lang/invoke/MemberName.java
-+++ openjdk/jdk/src/share/classes/java/lang/invoke/MemberName.java
-@@ -668,7 +668,7 @@
- assert(isResolved() == isResolved);
- }
-
-- void checkForTypeAlias() {
-+ void checkForTypeAlias(Class<?> refc) {
- if (isInvocable()) {
- MethodType type;
- if (this.type instanceof MethodType)
-@@ -676,16 +676,16 @@
- else
- this.type = type = getMethodType();
- if (type.erase() == type) return;
-- if (VerifyAccess.isTypeVisible(type, clazz)) return;
-- throw new LinkageError("bad method type alias: "+type+" not visible from "+clazz);
-+ if (VerifyAccess.isTypeVisible(type, refc)) return;
-+ throw new LinkageError("bad method type alias: "+type+" not visible from "+refc);
- } else {
- Class<?> type;
- if (this.type instanceof Class<?>)
- type = (Class<?>) this.type;
- else
- this.type = type = getFieldType();
-- if (VerifyAccess.isTypeVisible(type, clazz)) return;
-- throw new LinkageError("bad field type alias: "+type+" not visible from "+clazz);
-+ if (VerifyAccess.isTypeVisible(type, refc)) return;
-+ throw new LinkageError("bad field type alias: "+type+" not visible from "+refc);
- }
- }
-
-@@ -844,10 +844,25 @@
- MemberName m = ref.clone(); // JVM will side-effect the ref
- assert(refKind == m.getReferenceKind());
- try {
-+ // There are 4 entities in play here:
-+ // * LC: lookupClass
-+ // * REFC: symbolic reference class (MN.clazz before resolution);
-+ // * DEFC: resolved method holder (MN.clazz after resolution);
-+ // * PTYPES: parameter types (MN.type)
-+ //
-+ // What we care about when resolving a MemberName is consistency between DEFC and PTYPES.
-+ // We do type alias (TA) checks on DEFC to ensure that. DEFC is not known until the JVM
-+ // finishes the resolution, so do TA checks right after MHN.resolve() is over.
-+ //
-+ // All parameters passed by a caller are checked against MH type (PTYPES) on every invocation,
-+ // so it is safe to call a MH from any context.
-+ //
-+ // REFC view on PTYPES doesn't matter, since it is used only as a starting point for resolution and doesn't
-+ // participate in method selection.
- m = MethodHandleNatives.resolve(m, lookupClass);
-- m.checkForTypeAlias();
-+ m.checkForTypeAlias(m.getDeclaringClass());
- m.resolution = null;
-- } catch (LinkageError ex) {
-+ } catch (ClassNotFoundException | LinkageError ex) {
- // JVM reports that the "bytecode behavior" would get an error
- assert(!m.isResolved());
- m.resolution = ex;
-diff --git openjdk/jdk/src/share/classes/java/lang/invoke/MethodHandleNatives.java openjdk/jdk/src//share/classes/java/lang/invoke/MethodHandleNatives.java
---- openjdk/jdk/src/share/classes/java/lang/invoke/MethodHandleNatives.java
-+++ openjdk/jdk/src/share/classes/java/lang/invoke/MethodHandleNatives.java
-@@ -46,7 +46,7 @@
-
- static native void init(MemberName self, Object ref);
- static native void expand(MemberName self);
-- static native MemberName resolve(MemberName self, Class<?> caller) throws LinkageError;
-+ static native MemberName resolve(MemberName self, Class<?> caller) throws LinkageError, ClassNotFoundException;
- static native int getMembers(Class<?> defc, String matchName, String matchSig,
- int matchFlags, Class<?> caller, int skip, MemberName[] results);
-
-diff --git openjdk/jdk/src/share/classes/sun/invoke/util/VerifyAccess.java openjdk/jdk/src//share/classes/sun/invoke/util/VerifyAccess.java
---- openjdk/jdk/src/share/classes/sun/invoke/util/VerifyAccess.java
-+++ openjdk/jdk/src/share/classes/sun/invoke/util/VerifyAccess.java
-@@ -168,22 +168,66 @@
- * @param refc
- */
- public static boolean isTypeVisible(Class<?> type, Class<?> refc) {
-- if (type == refc) return true; // easy check
-+ if (type == refc) {
-+ return true; // easy check
-+ }
- while (type.isArray()) type = type.getComponentType();
-- if (type.isPrimitive() || type == Object.class) return true;
-- ClassLoader parent = type.getClassLoader();
-- if (parent == null) return true;
-- ClassLoader child = refc.getClassLoader();
-- if (child == null) return false;
-- if (parent == child || loadersAreRelated(parent, child, true))
-+ if (type.isPrimitive() || type == Object.class) {
- return true;
-- // Do it the hard way: Look up the type name from the refc loader.
-- try {
-- Class<?> res = child.loadClass(type.getName());
-- return (type == res);
-- } catch (ClassNotFoundException ex) {
-+ }
-+ ClassLoader typeLoader = type.getClassLoader();
-+ final ClassLoader refcLoader = refc.getClassLoader();
-+ if (typeLoader == refcLoader) {
-+ return true;
-+ }
-+ if (refcLoader == null && typeLoader != null) {
- return false;
- }
-+ if (typeLoader == null && type.getName().startsWith("java.")) {
-+ // Note: The API for actually loading classes, ClassLoader.defineClass,
-+ // guarantees that classes with names beginning "java." cannot be aliased,
-+ // because class loaders cannot load them directly.
-+ return true;
-+ }
-+
-+ // Do it the hard way: Look up the type name from the refc loader.
-+ //
-+ // Force the refc loader to report and commit to a particular binding for this type name (type.getName()).
-+ //
-+ // In principle, this query might force the loader to load some unrelated class,
-+ // which would cause this query to fail (and the original caller to give up).
-+ // This would be wasted effort, but it is expected to be very rare, occurring
-+ // only when an attacker is attempting to create a type alias.
-+ // In the normal case, one class loader will simply delegate to the other,
-+ // and the same type will be visible through both, with no extra loading.
-+ //
-+ // It is important to go through Class.forName instead of ClassLoader.loadClass
-+ // because Class.forName goes through the JVM system dictionary, which records
-+ // the class lookup once for all. This means that even if a not-well-behaved class loader
-+ // would "change its mind" about the meaning of the name, the Class.forName request
-+ // will use the result cached in the JVM system dictionary. Note that the JVM system dictionary
-+ // will record the first successful result. Unsuccessful results are not stored.
-+ //
-+ // We use doPrivileged in order to allow an unprivileged caller to ask an arbitrary
-+ // class loader about the binding of the proposed name (type.getName()).
-+ // The looked up type ("res") is compared for equality against the proposed
-+ // type ("type") and then is discarded. Thus, the worst that can happen to
-+ // the "child" class loader is that it is bothered to load and report a class
-+ // that differs from "type"; this happens once due to JVM system dictionary
-+ // memoization. And the caller never gets to look at the alternate type binding
-+ // ("res"), whether it exists or not.
-+ final String name = type.getName();
-+ Class<?> res = java.security.AccessController.doPrivileged(
-+ new java.security.PrivilegedAction<Class>() {
-+ public Class<?> run() {
-+ try {
-+ return Class.forName(name, false, refcLoader);
-+ } catch (ClassNotFoundException | LinkageError e) {
-+ return null; // Assume the class is not found
-+ }
-+ }
-+ });
-+ return (type == res);
- }
-
- /**
=== modified file 'rules'
--- rules 2016-04-22 19:21:50 +0000
+++ rules 2016-05-04 17:29:22 +0000
@@ -6,8 +6,6 @@
unexport LANG LC_ALL
-dh_version := $(shell dpkg-query -f '$${Version}\n' -W debhelper | sed -n 's/^\(.\).*/\1/p')
-
# using brace expansion and substring replacements (${var:0:2}).
SHELL = /bin/bash
@@ -375,7 +373,8 @@
endif
endif
-ifneq (,$(filter $(distrel),squeeze wheezy precise lucid precise trusty vivid wily))
+ifneq (,$(filter $(distrel),squeeze wheezy jessie lucid precise trusty vivid wily))
+ # use the timezone files from tzdata-java
with_tzdata = yes
endif
@@ -459,7 +458,6 @@
debian/patches/dnd-files.patch \
debian/patches/jdk-bold-swing-fonts.patch \
debian/patches/javadoc-sort-enum-and-annotation-types.patch \
- debian/patches/jdk-8152335-improve-methodhandle-consistency.patch \
ifeq (,$(filter $(DEB_HOST_ARCH),arm64))
DISTRIBUTION_PATCHES += \
@@ -2185,15 +2183,15 @@
--strip-debug $$i; \
objcopy --add-gnu-debuglink $$id $$i; \
else \
- d=usr/lib/debug/.build-id/$${b_id:0:2}; \
- f=$${b_id:2}.debug; \
- mkdir -p $(d_dbg)/$$d; \
- objcopy --only-keep-debug --compress-debug-sections $$i $(d_dbg)/$$d/$$f; \
- chmod 644 $(d_dbg)/$$d/$$f; \
- strip --remove-section=.comment --remove-section=.note $$i; \
- pushd $(d_dbg)/$$d >/dev/null; \
- objcopy --add-gnu-debuglink $$f $(CURDIR)/$$i; \
- popd >/dev/null; \
+ d=$(d_dbg)/usr/lib/debug/.build-id/$${b_id:0:2}; \
+ mkdir -p $$d; \
+ objcopy --only-keep-debug --compress-debug-sections \
+ $$i $$d/$$b_id.debug; \
+ chmod 644 $$d/$$b_id.debug; \
+ strip --remove-section=.comment --remove-section=.note \
+ $$i; \
+ objcopy --add-gnu-debuglink \
+ $$d/$$b_id.debug $$i; \
fi; \
done
endif
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use
debian-j...@lists.debian.org for discussions and questions.
