Hi all,
I updated Java:packages/java-1_6_0-openjdk to the recently released
version(s). The OpenJDK drop is b18 and the icedtea patchset is
icedtea6-1.8.1. This update also fixes the broken stack protector patch
that caused a lot of JVM crashes.

The most notable change is that the new plugin is the default one and the
so file is called NPlugin.so as the old one. There are some Metacity related
fixes, security and crash fixes. The systemtap support on 11.2 has been
disabled.

- update to icedtea6-1.8.1 (bnc#623905)
- update to openjdk-6-b18
- Latest security updates and hardening patches:
  * (CVE-2010-0837): JAR "unpack200" must verify input parameters (6902299)
  * (CVE-2010-0845): No ClassCastException for HashAttributeSet
    constructors if run with -Xcomp (6894807)
  * (CVE-2010-0838): CMM readMabCurveData Buffer Overflow Vulnerability
    (6899653)
  * (CVE-2010-0082): Loader-constraint table allows arrays instead of only
    the base-classes (6626217)
  * (CVE-2010-0095): Subclasses of InetAddress may incorrectly interpret
    network addresses (6893954)
  * (CVE-2010-0085): File TOCTOU deserialization vulnerability (6736390)
  * (CVE-2010-0091): Unsigned applet can retrieve the dragged information
    before drop action occurs (6887703)
  * (CVE-2010-0088): Inflater/Deflater clone issues (6745393)
  * (CVE-2010-0084): Policy/PolicyFile leak dynamic ProtectionDomains.
    (6633872)
  * (CVE-2010-0092): AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR
    error (6888149)
  * (CVE-2010-0094): Deserialization of RMIConnectionImpl objects should
    enforce stricter checks (6893947)
  * (CVE-2010-0093): System.arraycopy unable to reference elements beyond
    Integer.MAX_VALUE bytes (6892265)
  * (CVE-2010-0840): Applet Trusted Methods Chaining Privilege Escalation
    Vulnerability (6904691)
  * (CVE-2010-0848): AWT Library Invalid Index Vulnerability (6914823)
  * (CVE-2010-0847): ImagingLib arbitrary code execution vulnerability
    (6914866)
  * (CVE-2009-3555): TLS: MITM attacks via session renegotiation
- IcedTeaNPPlugin.
  * RH524387: javax.net.ssl.SSLKeyException: RSA premaster secret error
  * Set context classloader for all threads in an applet's threadgroup
  * PR436: Close all applet threads on exit
  * PR480: NPPlugin with NoScript extension.
  * PR488: Question mark changing into underscore in URL.
  * RH592553: Fix bug causing 100% CPU usage.
  * Don't generate a random pointer from a pthread_t in the debug output.
  * Add ForbiddenTargetException for legacy support.
  * Use variadic macro for plugin debug message printing.
  * Don't link the plugin with libxul libraries.
  * Fix race conditions in plugin initialization code that were causing
    hangs.
  * RH506730: BankID (Norwegian common online banking authentication
    system) applet fails to load.
  * Fix policy evaluation to match the proprietary JDK.
  * PR491: pass java_{code,codebase,archive} parameters to Java.
  * Adds javawebstart.version property and give user permission to read
    that property.
  * Old plugin removed; NPPlugin is now the default and is controlled by
    --enable/disable-plugin. As with the old plugin, it produces a
    IcedTeaPlugin.so library rather than IcedTeaNPPlugin.so.
  * Dependence on the binary plugs mechanism removed. The plugin and NetX
    code is now imported into the JDK build in the same manner as
    langtools, CORBA, JAXP and JAXWS.
  * Fix for plugin buffer overflow:
    https://bugzilla.mozilla.org/show_bug.cgi?id=555342
- NetX:
  * Fix security flaw in NetX that allows arbitrary unsigned apps to set
    any java property.
  * Fix a flaw that allows unsigned code to access any file on the machine
    (accessible to the user) and write to it.
  * Make path sanitization consistent; use a blacklisting approach.
  * Make the SingleInstanceServer thread a daemon thread.
  * Handle JNLP files which use native libraries but do not indicate it
  * Allow JNLP classloaders to share native libraries
  * Added encoding support
- bug fixes
  * Nimbus Look 'n' Feel backported from OpenJDK7.
  * JAXP and JAXWS now external dependencies rather than being in-tree.
  * 6639665: ThreadGroup finalizer allows creation of false root
    ThreadGroups
  * 6898622: ObjectIdentifer.equals is not capable of detecting incorrectly
    encoded CommonName OIDs
  * 6910590: Application can modify command array in ProcessBuilder
  * 6909597: JPEGImageReader stepX Integer Overflow Vulnerability
  * 6932480: Crash in CompilerThread/Parser. Unloaded array klass?
  * 6678385: Fixes jvm crashes when window is resized.
  * Produces the "expected" behavior for full screen applications, when
  * Fix issue with ant -diagnostics on ant 1.8.0 due to changed exit code
  * Zero/Shark
  * Shark is now able to build itself.
  * For ARM, add Thumb2 JIT.
  * Fixed Shark sharkCompiler mattr memory corruption bug when using
    llvm 2.7.
  * others
    http://blogs.sun.com/darcy/resource/OpenJDK_6/openjdk6-b18-changes-summary.html
  * Eliminate spurious exception throwing when using PulseAudio
  * PR shark/483: Fix miscompilation of sun.misc.Unsafe::getByte.
  * PR icedtea/324, icedtea/481: Fix Shark VM crash.
  * Fix Zero build on Hitachi SH.
  * PR476: Enable building SystemTap support on GCC 4.5.
- disabled systemtap support on openSUSE 11.2, as it requires more recent
  version
- require xulrunner191 on 11.1 too

Regards
Michal Vyskocil