Hello community, here is the log from the commit of package java-1_7_0-openjdk for openSUSE:Factory checked in at 2017-02-19 00:58:54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/java-1_7_0-openjdk (Old) and /work/SRC/openSUSE:Factory/.java-1_7_0-openjdk.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "java-1_7_0-openjdk" Changes: -------- --- /work/SRC/openSUSE:Factory/java-1_7_0-openjdk/java-1_7_0-openjdk-bootstrap.changes 2016-11-16 13:44:14.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.java-1_7_0-openjdk.new/java-1_7_0-openjdk-bootstrap.changes 2017-02-19 00:58:56.801154247 +0100 @@ -1,0 +2,196 @@ +Tue Feb 14 06:39:40 UTC 2017 - fstrba@suse.com + +- Update to 2.6.9 - OpenJDK 7u131 (bsc#1020905) + * Security fixes + - S8138725: Add options for Javadoc generation + - S8140353: Improve signature checking + - S8151934, CVE-2017-3231: Resolve class resolution + - S8156804, CVE-2017-3241: Better constraint checking + - S8158406: Limited Parameter Processing + - S8158997: JNDI Protocols Switch + - S8159507: RuntimeVisibleAnnotation validation + - S8161218: Better bytecode loading + - S8161743, CVE-2017-3252: Provide proper login context + - S8162577: Standardize logging levels + - S8162973: Better component components + - S8164143, CVE-2017-3260: Improve components for menu items + - S8164147, CVE-2017-3261: Improve streaming socket output + - S8165071, CVE-2016-2183: Expand TLS support + - S8165344, CVE-2017-3272: Update concurrency support + - S8166988, CVE-2017-3253: Improve image processing performance + - S8167104, CVE-2017-3289: Additional class construction + refinements + - S8167223, CVE-2016-5552: URL handling improvements + - S8168705, CVE-2016-5547: Better ObjectIdentifier validation + - S8168714, CVE-2016-5546: Tighten ECDSA validation + - S8168728, CVE-2016-5548: DSA signing improvments + - S8168724, CVE-2016-5549: ECDSA signing improvments + * Import of OpenJDK 7 u131 build 0 + - S6253144: Long narrowing conversion should describe the + algorithm used and implied "risks" + - S6328537: Improve javadocs for Socket class by adding + references to SocketOptions + - S6978886: javadoc shows stacktrace after print error + resulting from disk full + - S6995421: Eliminate the static dependency to + sun.security.ec.ECKeyFactory + - S6996372: synchronizing handshaking hash + - S7027045: (doc) java/awt/Window.java has several typos in + javadoc + - S7054969: Null-check-in-finally pattern in java/security + documentation + - S7072353: JNDI libraries do not build with javac -Xlint:all + -Werror + - S7075563: Broken link in "javax.swing.SwingWorker" + - S7077672: jdk8_tl nightly fail in step-2 build on 8/10/11 + - S7088502: Security libraries don't build with javac -Werror + - S7092447: Clarify the default locale used in each locale + sensitive operation + - S7093640: Enable client-side TLS 1.2 by default + - S7103570: AtomicIntegerFieldUpdater does not work when + SecurityManager is installed + - S7117360: Warnings in java.util.concurrent.atomic package + - S7117465: Warning cleanup for IMF classes + - S7187144: JavaDoc for ScriptEngineFactory.getProgram() + contains an error + - S8000418: javadoc should used a standard "generated by + javadoc" string + - S8000666: javadoc should write directly to Writer instead of + composing strings + - S8000673: remove dead code from HtmlWriter and subtypes + - S8000970: break out auxiliary classes that will prevent + multi-core compilation of the JDK + - S8001669: javadoc internal DocletAbortException should set + cause when appropriate + - S8008949: javadoc stopped copying doc-files + - S8011402: Move blacklisting certificate logic from hard code + to data + - S8011547: Update XML Signature implementation to Apache + Santuario 1.5.4 + - S8012288: XML DSig API allows wrong tag names and extra + elements in SignedInfo + - S8016217: More javadoc warnings + - S8017325: Cleanup of the javadoc <code> tag in + java.security.cert + - S8017326: Cleanup of the javadoc <code> tag in + java.security.spec + - S8019772: Fix doclint issues in javax.crypto and + javax.security subpackages + - S8020557: javadoc cleanup in javax.security + - S8020688: Broken links in documentation at + http://docs.oracle.com/javase/6/docs/api/index. + - S8021108: Clean up doclint warnings and errors in java.text + package + - S8021417: Fix doclint issues in java.util.concurrent + - S8021833: javadoc cleanup in java.net + - S8022120: JCK test + api/javax_xml/crypto/dsig/TransformService/index_ParamMethods + fails + - S8022175: Fix doclint warnings in javax.print + - S8022406: Fix doclint issues in java.beans + - S8022746: List of spelling errors in API doc + - S8024779: [macosx] SwingNode crashes on exit + - S8025085: [javadoc] some errors in javax/swing + - S8025218: [javadoc] some errors in java/awt classes + - S8025249: [javadoc] fix some javadoc errors in javax/swing/ + - S8025409: Fix javadoc comments errors and warning reported by + doclint report + - S8026021: more fix of javadoc errors and warnings reported by + doclint, see the description + - S8037099: [macosx] Remove all references to GC from native + OBJ-C code + - S8038184: XMLSignature throws StringIndexOutOfBoundsException + if ID attribute value is empty String + - S8038349: Signing XML with DSA throws Exception when key is + larger than 1024 bits + - S8049244: XML Signature performance issue caused by + unbuffered signature data + - S8049432: New tests for TLS property jdk.tls.client.protocols + - S8050893: (smartcardio) Invert reset argument in tests in + sun/security/smartcardio + - S8059212: Modify sun/security/smartcardio manual regression + tests so that they do not just fail if no cardreader found + - S8068279: (typo in the spec) + javax.script.ScriptEngineFactory.getLanguageName + - S8068491: Update the protocol for references of + docs.oracle.com to HTTPS. + - S8069038: javax/net/ssl/TLS/TLSClientPropertyTest.java needs + to be updated for JDK-8061210 + - S8076369: Introduce the jdk.tls.client.protocols system + property for JDK 7u + - S8139565: Restrict certificates with DSA keys less than 1024 + bits + - S8140422: Add mechanism to allow non default root CAs to be + not subject to algorithm restrictions + - S8140587: Atomic*FieldUpdaters should use Class.isInstance + instead of direct class check + - S8143959: Certificates requiring blacklisting + - S8145984: [macosx] sun.lwawt.macosx.CAccessible leaks + - S8148516: Improve the default strength of EC in JDK + - S8149029: Secure validation of XML based digital signature + always enabled when checking wrapping attacks + - S8151893: Add security property to configure XML Signature + secure validation mode + - S8155760: Implement Serialization Filtering + - S8156802: Better constraint checking + - S8161228: URL objects with custom protocol handlers have port + changed after deserializing + - S8161571: Verifying ECDSA signatures permits trailing bytes + - S8163304: jarsigner -verbose -verify should print the + algorithms used to sign the jar + - S8164908: ReflectionFactory support for IIOP and custom + serialization + - S8165230: RMIConnection addNotificationListeners failing with + specific inputs + - S8166393: disabledAlgorithms property should not be strictly + parsed + - S8166591: [macos 10.12] Trackpad scrolling of text on OS X + 10.12 Sierra is very fast (Trackpad, Retina only) + - S8166739: Improve extensibility of ObjectInputFilter + information passed to the filter + - S8166875: (tz) Support tzdata2016g + - S8166878: Connection reset during TLS handshake + - S8167356: Follow up fix for jdk8 backport of 8164143. Changes + for CMenuComponent.m were missed + - S8167459: Add debug output for indicating if a chosen + ciphersuite was legacy + - S8167472: Chrome interop regression with JDK-8148516 + - S8167591: Add MD5 to signed JAR restrictions + - S8168861: AnchorCertificates uses hardcoded password for + cacerts keystore + - S8168993: JDK8u121 L10n resource file update + - S8169191: (tz) Support tzdata2016i + - S8169688: Backout (remove) MD5 from + jdk.jar.disabledAlgorithms for January CPU + - S8169911: Enhanced tests for jarsigner -verbose -verify after + JDK-8163304 + - S8170131: Certificates not being blocked by + jdk.tls.disabledAlgorithms property + - S8170268: 8u121 L10n resource file update - msgdrop 20 + - S8173622: Backport of 7180907 is incomplete + - S8173849: Fix use of java.util.Base64 in test cases + - S8173854: [TEST] Update DHEKeySizing test case following + 8076328 & 8081760 + * Backports + - S7102489, PR3316, RH1390708: RFE: cleanup jlong typedef on + __APPLE__and _LLP64 systems. + - S8000351, PR3316, RH1390708: Tenuring threshold should be + unsigned + - S8153711, PR3315, RH1284948: [REDO] JDWP: Memory Leak: + GlobalRefs never deleted when processing invokeMethod command + - S8170888, PR3316, RH1390708: [linux] Experimental support for + cgroup memory limits in container (ie Docker) environments + * Bug fixes + - PR3318: Replace 'infinality' with 'improved font rendering' + (--enable-improved-font-rendering) + - PR3318: Fix compatibility with vanilla Fontconfig + - PR3318: Fix glyph y advance + - PR3318: Always round glyph advance in 26.6 space + - PR3318: Simplify glyph advance handling + - PR3324: Fix NSS_LIBDIR substitution in + make_generic_profile.sh broken by PR1989 + * AArch64 port + - S8165673, PR3320: AArch64: Fix JNI floating point argument + handling + +------------------------------------------------------------------- java-1_7_0-openjdk.changes: same change Old: ---- icedtea-2.6.8.tar.xz icedtea-2.6.8.tar.xz.sig New: ---- icedtea-2.6.9.tar.xz icedtea-2.6.9.tar.xz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ java-1_7_0-openjdk-bootstrap.spec ++++++ --- /var/tmp/diff_new_pack.VtSrT3/_old 2017-02-19 00:58:59.252809982 +0100 +++ /var/tmp/diff_new_pack.VtSrT3/_new 2017-02-19 00:58:59.256809420 +0100 @@ -1,7 +1,7 @@ # # spec file for package java-1_7_0-openjdk-bootstrap # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,7 +19,7 @@ %{!?aarch64:%global aarch64 aarch64 arm64 armv8} %global jit_arches %{ix86} x86_64 ppc64 ppc64le %{arm} %{aarch64} %global test_arches %{ix86} x86_64 ppc64 ppc64le -%global icedtea_version 2.6.8 +%global icedtea_version 2.6.9 %global icedtea_sound_version 1.0.1 %global mauvedate 2008-10-22 %global buildoutputdir openjdk.build/ @@ -31,7 +31,7 @@ # Standard JPackage naming and versioning defines. %global priority 1705 %global javaver 1.7.0 -%global buildver 121 +%global buildver 131 # Standard JPackage directories and symbolic links. %global sdklnk java-%{javaver}-openjdk %global archname %{sdklnk} @@ -1204,6 +1204,7 @@ %endif # % ghost %{_jvmdir}/%{jredir}/lib/security/cacerts # % endif +%config(noreplace) %{_jvmdir}/%{jredir}/lib/security/blacklisted.certs %config(noreplace) %{_jvmdir}/%{jredir}/lib/security/java.policy %config(noreplace) %{_jvmdir}/%{jredir}/lib/security/java.security %config(noreplace) %{_jvmdir}/%{jredir}/lib/security/nss.cfg java-1_7_0-openjdk.spec: same change ++++++ corba.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/corba-9e002eaf26ed/.hgtags new/corba-737fd3fbf139/.hgtags --- old/corba-9e002eaf26ed/.hgtags 2016-10-28 09:01:29.000000000 +0200 +++ new/corba-737fd3fbf139/.hgtags 2017-02-07 05:06:20.000000000 +0100 @@ -662,3 +662,6 @@ e5578d3bc593a075da3286a8e804dacb86e2e466 icedtea-2.6.7 8bceffc6f67ec6202f067578051a94fd449e43b2 icedtea-2.6.8pre01 ad3a33a23c69608ae140d4564d045b62533f45a3 jdk7u121-b00 +9e002eaf26ed37030c32c6ab410ac278b8118ee2 icedtea-2.6.8 +ba84d0d43df1de8075f5ab5b02adfe1b964111ec icedtea-2.6.9pre01 +d93d13bcb01d7b635d0e021877e1102e34bae8fb jdk7u131-b00 ++++++ hotspot.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/java-1_7_0-openjdk/hotspot.tar.bz2 /work/SRC/openSUSE:Factory/.java-1_7_0-openjdk.new/hotspot.tar.bz2 differ: char 11, line 1 ++++++ icedtea-2.6.8.tar.xz -> icedtea-2.6.9.tar.xz ++++++ ++++ 10352 lines of diff (skipped) ++++++ jaxp.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jaxp-3369fa5a875b/.hgtags new/jaxp-aa1c302a99fb/.hgtags --- old/jaxp-3369fa5a875b/.hgtags 2016-10-28 09:01:30.000000000 +0200 +++ new/jaxp-aa1c302a99fb/.hgtags 2017-02-07 05:06:22.000000000 +0100 @@ -663,3 +663,6 @@ b643540c673d0018dbed0673c8c20ca763be7c7d icedtea-2.6.7 dfe9f8c968dfa846dbaf36f5605acd4e10764d65 icedtea-2.6.8pre01 b198ece212c1f7ff382d9282624411a260b52a55 jdk7u121-b00 +3369fa5a875b8c39e9dc2b16bd8486270947d73c icedtea-2.6.8 +6572cfcae3450e4fc9225ceecaf1acdb6dd5891a icedtea-2.6.9pre01 +51ed13d07beb90ff71d8625d9d6409cc4add5cbc jdk7u131-b00 ++++++ jaxws.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jaxws-26bcf28b3a60/.hgtags new/jaxws-ea96df8beff4/.hgtags --- old/jaxws-26bcf28b3a60/.hgtags 2016-10-28 09:01:31.000000000 +0200 +++ new/jaxws-ea96df8beff4/.hgtags 2017-02-07 05:06:25.000000000 +0100 @@ -662,3 +662,6 @@ 4a99f4eac2574c1d6c076b835e112d42ba7fbc7c icedtea-2.6.7 6ae901b4503169508c710114b7cd1a701e86bea1 icedtea-2.6.8pre01 29919af594f46f158604db87edbd538a3890884a jdk7u121-b00 +26bcf28b3a6076e7b51f88d6d78d4709c8da93d4 icedtea-2.6.8 +3301b643d02c62f1b73f4fc70cfb52378ba0303e icedtea-2.6.9pre01 +edcc7c1e297588b30daaf61e3cdf25203f829cd4 jdk7u131-b00 ++++++ jdk.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/java-1_7_0-openjdk/jdk.tar.bz2 /work/SRC/openSUSE:Factory/.java-1_7_0-openjdk.new/jdk.tar.bz2 differ: char 11, line 1 ++++++ langtools.tar.bz2 ++++++ ++++ 5954 lines of diff (skipped) ++++++ openjdk.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea7-forest-2-6-653c2662034d/.hgtags new/icedtea7-forest-2-6-2dd04ef37829/.hgtags --- old/icedtea7-forest-2-6-653c2662034d/.hgtags 2016-10-28 09:01:27.000000000 +0200 +++ new/icedtea7-forest-2-6-2dd04ef37829/.hgtags 2017-02-07 05:06:16.000000000 +0100 @@ -660,3 +660,6 @@ 6aafb6fe0a1e36055566484bef4f93dba6c05ad2 icedtea-2.6.7 a1ef40f591be786c98967b07650992c32905bc38 icedtea-2.6.8pre01 974935f4e21dae1170b5247a8af362617d105e1c jdk7u121-b00 +653c2662034dc87d063bc61c9741045041db7182 icedtea-2.6.8 +36a89571adf078953219bf591098eaf18bc7213f icedtea-2.6.9pre01 +259e6ca7faf17e2b96fb0733f30e62327a7acdfa jdk7u131-b00