Hi all, I update the Java:packages/java-1_6_0-openjdk to the recent released version(s). OpenJDK drop is b18 and icedtea patchset is icedtea6-1.8.1. This update also fixes the broken stack protector patch causes a lot of JVM crashes. The most notable change is the new plugin is default one and the so file is called NPlugin.so as the old one. There are some Metacity related fixes, security and crash fixes. The systemtap support on 11.2 has been disabled. - update to icedtea6-1.8.1 (bnc#623905) - update to openjdk-6-b18 - Latest security updates and hardening patches: * (CVE-2010-0837): JAR "unpack200" must verify input parameters (6902299) * (CVE-2010-0845): No ClassCastException for HashAttributeSet constructors if run with -Xcomp (6894807) * (CVE-2010-0838): CMM readMabCurveData Buffer Overflow Vulnerability (6899653) * (CVE-2010-0082): Loader-constraint table allows arrays instead of only the base-classes (6626217) * (CVE-2010-0095): Subclasses of InetAddress may incorrectly interpret network addresses (6893954) * (CVE-2010-0085): File TOCTOU deserialization vulnerability (6736390) * (CVE-2010-0091): Unsigned applet can retrieve the dragged information before drop action occurs (6887703) * (CVE-2010-0088): Inflater/Deflater clone issues (6745393) * (CVE-2010-0084): Policy/PolicyFile leak dynamic ProtectionDomains. (6633872) * (CVE-2010-0092): AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (6888149) * (CVE-2010-0094): Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947) * (CVE-2010-0093): System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (6892265) * (CVE-2010-0840): Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691) * (CVE-2010-0848): AWT Library Invalid Index Vulnerability (6914823) * (CVE-2010-0847): ImagingLib arbitrary code execution vulnerability (6914866) * (CVE-2009-3555): TLS: MITM attacks via session renegotiation - IcedTeaNPPlugin. * RH524387: javax.net.ssl.SSLKeyException: RSA premaster secret error * Set context classloader for all threads in an applet's threadgroup * PR436: Close all applet threads on exit * PR480: NPPlugin with NoScript extension. * PR488: Question mark changing into underscore in URL. * RH592553: Fix bug causing 100% CPU usage. * Don't generate a random pointer from a pthread_t in the debug output. * Add ForbiddenTargetException for legacy support. * Use variadic macro for plugin debug message printing. * Don't link the plugin with libxul libraries. * Fix race conditions in plugin initialization code that were causing hangs. * RH506730: BankID (Norwegian common online banking authentication system) applet fails to load. * Fix policy evaluation to match the proprietary JDK. * PR491: pass java_{code,codebase,archive} parameters to Java. * Adds javawebstart.version property and give user permission to read that property. * Old plugin removed; NPPlugin is now the default and is controlled by --enable/disable-plugin. As with the old plugin, it produces a IcedTeaPlugin.so library rather than IcedTeaNPPlugin.so. * Dependence on the binary plugs mechanism removed. The plugin and NetX code is now imported into the JDK build in the same manner as langtools, CORBA, JAXP and JAXWS. * Fix for plugin buffer overflow: https://bugzilla.mozilla.org/show_bug.cgi?id=555342 - NetX: * Fix security flaw in NetX that allows arbitrary unsigned apps to set any java property. * Fix a flaw that allows unsigned code to access any file on the machine (accessible to the user) and write to it. * Make path sanitization consistent; use a blacklisting approach. * Make the SingleInstanceServer thread a daemon thread. * Handle JNLP files which use native libraries but do not indicate it * Allow JNLP classloaders to share native libraries * Added encoding support - bug fixes * Nimbus Look 'n' Feel backported from OpenJDK7. * JAXP and JAXWS now external dependencies rather than being in-tree. * 6639665: ThreadGroup finalizer allows creation of false root ThreadGroups * 6898622: ObjectIdentifer.equals is not capable of detecting incorrectly encoded CommonName OIDs * 6910590: Application can modify command array in ProcessBuilder * 6909597: JPEGImageReader stepX Integer Overflow Vulnerability * 6932480: Crash in CompilerThread/Parser. Unloaded array klass? * 6678385: Fixes jvm crashes when window is resized. * Produces the "expected" behavior for full screen applications, when * Fix issue with ant -diagnostics on ant 1.8.0 due to changed exit code * Zero/Shark * Shark is now able to build itself. * For ARM, add Thumb2 JIT. * Fixed Shark sharkCompiler mattr memory corruption bug when using llvm 2.7. * others http://blogs.sun.com/darcy/resource/OpenJDK_6/openjdk6-b18-changes-summary.h tml * Eliminate spurious exception throwing when using PulseAudio * PR shark/483: Fix miscompilation of sun.misc.Unsafe::getByte. * PR PR icedtea/324, icedtea/481: Fix Shark VM crash. * Fix Zero build on Hitachi SH. * PR476: Enable building SystemTap support on GCC 4.5. - disabled systemtap support on openSUSE 11.2, as it requires more recent version - require xulrunner191 on 11.1 too Regards Michal Vyskocil