[Bug 1646927] Re: PPC64: Poor StrictMath performance due to non-optimized compilation

[Tiago Stürmer Daitx]

** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2183

** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-5546

** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-5547

** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-5548

** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-5552

** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-3231

** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-3241

** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-3252

** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-3253

** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-3260

** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-3261

** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-3272

** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-3289

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1646927

Title:
  PPC64: Poor StrictMath performance due to non-optimized compilation

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openjdk-8/+bug/1646927/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1646927] Re: PPC64: Poor StrictMath performance due to non-optimized compilation

[Tiago Stürmer Daitx]

** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-5549

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1646927

Title:
  PPC64: Poor StrictMath performance due to non-optimized compilation

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openjdk-8/+bug/1646927/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1646927] Re: PPC64: Poor StrictMath performance due to non-optimized compilation

[Launchpad Bug Tracker]

This bug was fixed in the package openjdk-8 - 8u121-b13-0ubuntu1.16.10.2

---
openjdk-8 (8u121-b13-0ubuntu1.16.10.2) yakkety-security; urgency=medium

  * debian/buildwatch.sh: updated to stop it if no 'make' process is running,
as it probably means that the build failed - otherwise buildwatch keeps
the builder alive until it exits after the timer (3 hours by default)
expires.
  * debian/rules: updated jtreg tests to use agentvm and auto concurrency.

openjdk-8 (8u121-b13-0ubuntu1.16.10.1) yakkety-security; urgency=medium

  * Update to 8u121-b13, including security fixes:
- S8165344, CVE-2017-3272: A protected field can be leveraged into type
  confusion.
- S8167104, CVE-2017-3289: Custom class constructor code can bypass the
  required call to super.init allowing for uninitialized objects to be
  created.
- S8156802, CVE-2017-3241: RMI deserialization should limit the types
  deserialized to prevent attacks that could escape the sandbox.
- S8164143, CVE-2017-3260: It is possible to corrupt memory by calling
  dispose() on a CMenuComponentmultiple times.
- S8168714, CVE-2016-5546: ECDSA will accept signatures that have various
  extraneous bytes added to them whereas the signature is supposed to be
  unique.
- S8166988, CVE-2017-3253: The PNG specification allows the [iz}Txt
  sections to be 2^32-1 bytes long so these should not be uncompressed
  unless the user explicitly requests it.
- S8168728, CVE-2016-5548: DSA signing exhibits a timing bias that may
  leak information about k.
- S8168724, CVE-2016-5549: ECDSA signing exhibits a timing bias that may
  leak information about k.
- S8161743, CVE-2017-3252: LdapLoginModule incorrectly tries to
  deserialize responses from an LDAP server when an LDAP context is
  expected.
- S8167223, CVE-2016-5552: Parsing of URLs can be inconsistent with how
  users or external applications would interpret them leading to possible
  security issues.
- S8168705, CVE-2016-5547: A value from an InputStream is read directly
  into the size argument of a new byte[] without validation.
- S8164147, CVE-2017-3261: An integer overflow exists in
  SocketOutputStream which can lead to memorydisclosure.
- S8151934, CVE-2017-3231: Under some circumstances URLClassLoader will
  dispatch HTTP GET requests where the invoker does not have permission.
- S8165071, CVE-2016-2183: 3DES can be exploited for block collisions when
  long running sessions are allowed.
  * debian/patches/8132051-zero.diff: superseeded by upstream fix S8154210;
deleted.
  * debian/patches/hotspot-JDK-8158260-ppc64el.patch: applied upstream;
deleted.
  * debian/patches/6926048.diff: already applied upstream; deleted.
  * debian/patches/jdk-ppc64el-S8170153.patch: improve StrictMath performance
on ppc64el. LP: #1646927.
  * debian/patches/openjdk-ppc64el-S8170153.patch: same.
  * debian/patches/jdk-841269-filechooser.patch: fix FileChooser behavior when
displaying links to non-existant files. Closes: #841269.
  * Refreshed various patches.

openjdk-8 (8u111-b14-3) unstable; urgency=high

  [ Tiago Stürmer Daitx ]
  * Remove cacao references, updated jtreg tests to use agentvm and auto
concurrency.
  * Run the jtreg tests on autopkg testing.

 -- Tiago Stürmer Daitx   Mon, 23 Jan 2017
11:22:24 +

** Changed in: openjdk-8 (Ubuntu)
   Status: New => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2183

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-5546

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-5547

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-5548

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-5549

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-5552

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-3231

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-3241

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-3252

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-3253

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-3260

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-3261

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-3272

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-3289

** Changed in: openjdk-8 (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1646927

Title:
  PPC64: Poor StrictMath performance due to non-optimized compilation

To manage notifications about this bug go to:

[Bug 1646927] Re: PPC64: Poor StrictMath performance due to non-optimized compilation

[Launchpad Bug Tracker]

This bug was fixed in the package openjdk-8 - 8u121-b13-0ubuntu1.16.04.2

---
openjdk-8 (8u121-b13-0ubuntu1.16.04.2) xenial-security; urgency=medium

  * Backport to 16.04.

openjdk-8 (8u121-b13-0ubuntu1.16.10.2) yakkety-security; urgency=medium

  * debian/buildwatch.sh: updated to stop it if no 'make' process is running,
as it probably means that the build failed - otherwise buildwatch keeps
the builder alive until it exits after the timer (3 hours by default)
expires.
  * debian/rules: updated jtreg tests to use agentvm and auto concurrency.

openjdk-8 (8u121-b13-0ubuntu1.16.04.1) xenial-security; urgency=medium

  * Backport to 16.04.

openjdk-8 (8u121-b13-0ubuntu1.16.10.1) yakkety-security; urgency=medium

  * Update to 8u121-b13, including security fixes.
- S8165344, CVE-2017-3272: A protected field can be leveraged into type
  confusion.
- S8167104, CVE-2017-3289: Custom class constructor code can bypass the
  required call to super.init allowing for uninitialized objects to be
  created.
- S8156802, CVE-2017-3241: RMI deserialization should limit the types
  deserialized to prevent attacks that could escape the sandbox.
- S8164143, CVE-2017-3260: It is possible to corrupt memory by calling
  dispose() on a CMenuComponentmultiple times.
- S8168714, CVE-2016-5546: ECDSA will accept signatures that have various
  extraneous bytes added to them whereas the signature is supposed to be
  unique.
- S8166988, CVE-2017-3253: The PNG specification allows the [iz}Txt
  sections to be 2^32-1 bytes long so these should not be uncompressed
  unless the user explicitly requests it.
- S8168728, CVE-2016-5548: DSA signing exhibits a timing bias that may
  leak information about k.
- S8168724, CVE-2016-5549: ECDSA signing exhibits a timing bias that may
  leak information about k.
- S8161743, CVE-2017-3252: LdapLoginModule incorrectly tries to
  deserialize responses from an LDAP server when an LDAP context is
  expected.
- S8167223, CVE-2016-5552: Parsing of URLs can be inconsistent with how
  users or external applications would interpret them leading to possible
  security issues.
- S8168705, CVE-2016-5547: A value from an InputStream is read directly
  into the size argument of a new byte[] without validation.
- S8164147, CVE-2017-3261: An integer overflow exists in
  SocketOutputStream which can lead to memorydisclosure.
- S8151934, CVE-2017-3231: Under some circumstances URLClassLoader will
  dispatch HTTP GET requests where the invoker does not have permission.
- S8165071, CVE-2016-2183: 3DES can be exploited for block collisions when
  long running sessions are allowed.
  * debian/patches/8132051-zero.diff: superseeded by upstream fix S8154210;
deleted.
  * debian/patches/hotspot-JDK-8158260-ppc64el.patch: applied upstream;
deleted.
  * debian/patches/6926048.diff: already applied upstream; deleted.
  * debian/patches/jdk-ppc64el-S8170153.patch: improve StrictMath performance
on ppc64el. LP: #1646927.
  * debian/patches/openjdk-ppc64el-S8170153.patch: same.
  * debian/patches/jdk-841269-filechooser.patch: fix FileChooser behavior when
displaying links to non-existant files. Closes: #841269.
  * Refreshed various patches.

 -- Tiago Stürmer Daitx   Mon, 23 Jan 2017
11:23:44 +

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1646927

Title:
  PPC64: Poor StrictMath performance due to non-optimized compilation

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openjdk-8/+bug/1646927/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1646927] Re: PPC64: Poor StrictMath performance due to non-optimized compilation

[Gustavo Romero]

Sorry, I didn't understand your point. The patch is already on 9 and 8u
upstream. Could you clarify please?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1646927

Title:
  PPC64: Poor StrictMath performance due to non-optimized compilation

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openjdk-8/+bug/1646927/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1646927] Re: PPC64: Poor StrictMath performance due to non-optimized compilation

[Matthias Klose]

could these be proposed for an upstream backport?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1646927

Title:
  PPC64: Poor StrictMath performance due to non-optimized compilation

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openjdk-8/+bug/1646927/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1646927] Re: PPC64: Poor StrictMath performance due to non-optimized compilation

[Steve Langasek]

** Changed in: openjdk-8 (Ubuntu)
 Assignee: Taco Screen team (taco-screen-team) => Tiago Stürmer Daitx 
(tdaitx)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1646927

Title:
  PPC64: Poor StrictMath performance due to non-optimized compilation

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openjdk-8/+bug/1646927/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1646927] Re: PPC64: Poor StrictMath performance due to non-optimized compilation

[Gustavo Romero]

Yes, absolutely. I'll request it and update this bug. Thanks.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1646927

Title:
  PPC64: Poor StrictMath performance due to non-optimized compilation

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openjdk-8/+bug/1646927/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1646927] Re: PPC64: Poor StrictMath performance due to non-optimized compilation

[Matthias Klose]

would it be possible to propose this patch upstream for backporting to
jdk8u?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1646927

Title:
  PPC64: Poor StrictMath performance due to non-optimized compilation

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openjdk-8/+bug/1646927/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs